Date: Thu, 27 Aug 2009 12:49:26 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo wrote: > sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc > before copying to the above layer's structure. > > Note that LLC sockets are restricted to root since v2.6.25-rc9 (see > commit 3480c63b). > > Upstream commit: > http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc > > Reproducer: > http://jon.oberheide.org/files/llc-getsockname-leak.c > > Reference: > https://bugzilla.redhat.com/show_bug.cgi?id=519305 There are some more fixes that addressed similar infoleaks: e84b90ae5eb3c112d1f208964df1d8156a538289 can: Fix raw_getname() leak 09384dfc76e526c3993c09c42e016372dc9dd22c irda: Fix irda_getname() leak 3d392475c873c10c10d6d96b94d092a34ebd4791 appletalk: fix atalk_getname() leak f6b97b29513950bfbf621a83d85b6f86b39ec8db netrom: Fix nr_getname() leak 80922bbb12a105f858a8f0abb879cb4302d0ecaa econet: Fix econet_getname() leak 17ac2e9c58b69a1e25460a568eae1b0dc0188c25 rose: Fix rose_getname() leak It would make sense to address these with the same CVE name as this one. Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.