Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 27 Aug 2009 12:49:26 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: AF_LLC getsockname 5-Byte
 Stack Disclosure

Eugene Teo wrote:
> sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc 
> before copying to the above layer's structure.
> 
> Note that LLC sockets are restricted to root since v2.6.25-rc9 (see 
> commit 3480c63b).
> 
> Upstream commit:
> http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
> 
> Reproducer:
> http://jon.oberheide.org/files/llc-getsockname-leak.c
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=519305

There are some more fixes that addressed similar infoleaks:

e84b90ae5eb3c112d1f208964df1d8156a538289
     can: Fix raw_getname() leak
09384dfc76e526c3993c09c42e016372dc9dd22c
     irda: Fix irda_getname() leak
3d392475c873c10c10d6d96b94d092a34ebd4791
     appletalk: fix atalk_getname() leak
f6b97b29513950bfbf621a83d85b6f86b39ec8db
     netrom: Fix nr_getname() leak
80922bbb12a105f858a8f0abb879cb4302d0ecaa
     econet: Fix econet_getname() leak
17ac2e9c58b69a1e25460a568eae1b0dc0188c25
     rose: Fix rose_getname() leak

It would make sense to address these with the same CVE name as this one.

Thanks, Eugene

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.