Date: Mon, 25 Oct 2010 17:52:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>,
    Eugene Teo <eugeneteo@...nel.sg>
Subject: Re: CVE request: multiple kernel stack memory disclosures

All,

I apologize for taking so long to handle this.

Dan, thanks for being so diligent about digging up more information!
That couldn't have been easy, let alone fun.

- Steve

========================================================================
http://www.openwall.com/lists/oss-security/2010/10/07/1
Author: Dan Rosenberg

> ipc/shm.c (shmctl), reported and fixed by Kees Cook
> Affects >= 2.6.0, >= 2.4.0
>
> Reference:
> http://lkml.org/lkml/2010/10/6/454

CVE-2010-4072

> ipc/compat.c (compat versions of semctl, shmctl, and msgctl)
> Affects >= 2.6.8
>
> ipc/compat_mq (compat versions of mq_open and mq_getsetattr)
> Affects >= 2.6.8
>
> Reference:
> http://lkml.org/lkml/2010/10/6/492

CVE-2010-4073

========================================================================
http://www.openwall.com/lists/oss-security/2010/10/06/6
Author: Dan Rosenberg

Due to the high variation in affected kernel versions, most of these
are SPLIT.

>TIOCGICOUNT stack leaks: (see http://lkml.org/lkml/2010/9/16/294)

> usb/serial/mos*.c
> Fixed in 2.6.36-rc5
> Affects >= 2.6.19

CVE-2010-4074

>drivers/serial/serial_core.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0

CVE-2010-4075

>drivers/char/amiserial.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0, >= 2.4.0

CVE-2010-4076

>drivers/char/nozomi.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.25

CVE-2010-4077

>drivers/net/usb/hso.c (CVE-2010-3298)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.29

Already assigned - CVE-2010-3298

>FBIOGET_VBLANK stack leaks:

>drivers/video/sis/sis_main.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.11

CVE-2010-4078

>drivers/video/ivtv/ivtvfb.c
>Not fixed yet (patch has been queued)
>Affects >= 2.6.24

CVE-2010-4079

>Miscellaneous device ioctl stack leaks:

>sound/pci/rme9652/hdsp*.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c)

These are SPLIT because the affected files are in different versions.

hdsp.c - CVE-2010-4080

hdspm.c - CVE-2010-4081

>drivers/video/via/ioctl.c
>Fixed in 2.6.36-rc5
>Affects >= 2.6.28

CVE-2010-4082

>drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.21

Already assigned - CVE-2010-3296

>drivers/net/eql.c (CVE-2010-3297)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.0, >= 2.4.0

Already assigned - CVE-2010-3297

>System call stack leak:

>ipc/sem.c
>Not fixed yet (patch queued)
>Affects >= 2.6.0, >= 2.4.0

Presumably the lack of a current patch means this will affect a
different version than CVE-2010-4072 (ipc/shm.c shmctl), see above.

CVE-2010-4083

- Steve