Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Oct 2010 17:52:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Eugene Teo <eugeneteo@...nel.sg>
Subject: Re: CVE request: multiple kernel stack memory
 disclosures



All,

I apologize for taking so long to handle this.  Dan, thanks for being
so diligent about digging up more information!  That couldn't have
been easy, let alone fun.

- Steve


========================================================================

http://www.openwall.com/lists/oss-security/2010/10/07/1

Author: Dan Rosenberg


>  ipc/shm.c (shmctl), reported and fixed by Kees Cook
>  Affects >= 2.6.0, >= 2.4.0
>
>  Reference:
>  http://lkml.org/lkml/2010/10/6/454

CVE-2010-4072


>  ipc/compat.c (compat versions of semctl, shmctl, and msgctl)
>  Affects >= 2.6.8
>
>  ipc/compat_mq (compat versions of mq_open and mq_getsetattr)
>  Affects >= 2.6.8
>
>  Reference:
>  http://lkml.org/lkml/2010/10/6/492

CVE-2010-4073


========================================================================

http://www.openwall.com/lists/oss-security/2010/10/06/6

Author: Dan Rosenberg

Due to the high variation in affected kernel versions, most of these
are SPLIT.



>TIOCGICOUNT stack leaks:

(see http://lkml.org/lkml/2010/9/16/294)

>  usb/serial/mos*.c
>  Fixed in 2.6.36-rc5
>  Affects >= 2.6.19

CVE-2010-4074


>drivers/serial/serial_core.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0


CVE-2010-4075


>drivers/char/amiserial.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0, >= 2.4.0


CVE-2010-4076

>drivers/char/nozomi.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.25

CVE-2010-4077


>drivers/net/usb/hso.c (CVE-2010-3298)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.29

Already assigned - CVE-2010-3298


>FBIOGET_VBLANK stack leaks:


>drivers/video/sis/sis_main.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.11

CVE-2010-4078


>drivers/video/ivtv/ivtvfb.c
>Not fixed yet (patch has been queued)
>Affects >= 2.6.24

CVE-2010-4079


>Miscellaneous device ioctl stack leaks:

>sound/pci/rme9652/hdsp*.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c)

These are SPLIT because the affected files are in different versions.

hdsp.c - CVE-2010-4080

hdspm.c - CVE-2010-4081


>drivers/video/via/ioctl.c
>Fixed in 2.6.36-rc5
>Affects >= 2.6.28

CVE-2010-4082


>drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.21


Already assigned - CVE-2010-3296


>drivers/net/eql.c (CVE-2010-3297)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.0, >= 2.4.0


Already assigned - CVE-2010-3297


>System call stack leak:

>ipc/sem.c
>Not fixed yet (patch queued)
>Affects >= 2.6.0, >= 2.4.0

Presumably the lack of a current patch means this will affect a
different version than CVE-2010-4072 (ipc/shm.c shmctl), see above.

CVE-2010-4083


- Steve

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.