Date: Thu, 07 Mar 2013 20:32:03 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, spender@...ecurity.net,
        Kurt Seifried <kseifrie@...hat.com>
Subject: Re: CVE Request -- Linux kernel: sctp: SCTP_GET_ASSOC_STATS stack overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/07/2013 08:23 PM, Petr Matousek wrote:
> A local user could use the missing size check in
> sctp_getsockopt_assoc_stats() function to escalate their
> privileges. On x86 this might be mitigated by destination object
> size check as the destination size is known at compile time.
>
> Upstream fix:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=726bc6b0
>
> Introduced by:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=196d6759
>
> Introduced in: v3.8-rc1
>
> References:
> https://twitter.com/grsecurity/status/309805924749541376
> http://grsecurity.net/~spender/sctp.c
>
> Thanks,

Please use CVE-2013-1828 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

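The following is an added example for readers of this thread; it is neither part of the original messages nor the kernel's own code. It is a user-space C model of the defect Petr describes (a caller-supplied getsockopt length checked only against a lower bound and then handed to copy_from_user() with a fixed-size stack object as the destination) next to the hardened shape, where the length is clamped to the destination size before the copy. `struct assoc_stats_stub`, `copy_from_user_sim()` and the function names are constructed stand-ins, not the kernel's identifiers, and the vulnerable variant only computes the length it would have used rather than performing an out-of-bounds copy. The `fits_destination()` check generalizes the point to any handler that copies a user-controlled length into a fixed-size object.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's fixed-size stats object that the
 * SCTP_GET_ASSOC_STATS handler fills in on the stack. Only its size and the
 * leading association id matter for this example. */
struct assoc_stats_stub {
    uint32_t assoc_id;
    uint64_t counters[8];
};

/* User-space stand-in for copy_from_user(): copies n bytes and returns 0.
 * (The real function returns the number of bytes NOT copied.) */
static int copy_from_user_sim(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Copy length the pre-fix logic would use: only a lower bound on the
 * caller-supplied optlen is enforced, so the value can exceed the size of
 * the stack object that receives it. Returns the length or a negative errno;
 * nothing is copied here, the function only models the decision. */
static long copy_len_before_fix(size_t len)
{
    if (len < sizeof(uint32_t))        /* must carry at least the assoc id */
        return -EINVAL;
    return (long)len;                  /* no upper bound */
}

/* Copy length after the fix: the same lower bound plus a clamp to the
 * destination size, so the copy can never write past the object. */
static long copy_len_after_fix(size_t len)
{
    if (len < sizeof(uint32_t))
        return -EINVAL;
    if (len > sizeof(struct assoc_stats_stub))
        len = sizeof(struct assoc_stats_stub);
    return (long)len;
}

/* Generic review check for any getsockopt-style handler: does the length that
 * will be handed to copy_from_user() fit the destination object? */
static int fits_destination(long copy_len, size_t dst_size)
{
    return copy_len >= 0 && (size_t)copy_len <= dst_size;
}

/* Hardened handler shape: bounded copy into a stack object, after which a real
 * handler would look up the association by assoc_id and fill the counters.
 * Returns the number of bytes consumed from optval, or a negative errno. */
static int getsockopt_assoc_stats_fixed(const void *optval, size_t len,
                                        struct assoc_stats_stub *out)
{
    struct assoc_stats_stub sas;       /* fixed-size stack destination */
    long n = copy_len_after_fix(len);

    if (n < 0)
        return (int)n;
    memset(&sas, 0, sizeof sas);
    if (copy_from_user_sim(&sas, optval, (size_t)n))
        return -EFAULT;
    sas.counters[0] = 42;              /* constructed sample statistic */
    *out = sas;
    return (int)n;
}

int main(void)
{
    unsigned char ubuf[4096];          /* constructed oversized user buffer */
    struct assoc_stats_stub out;
    size_t big = sizeof ubuf;

    memset(ubuf, 0x41, sizeof ubuf);
    printf("before fix: copy length %ld fits %zu-byte object? %s\n",
           copy_len_before_fix(big), sizeof out,
           fits_destination(copy_len_before_fix(big), sizeof out) ? "yes" : "no");
    printf("after fix:  copy length %ld fits? %s\n",
           copy_len_after_fix(big),
           fits_destination(copy_len_after_fix(big), sizeof out) ? "yes" : "no");
    printf("handler consumed %d bytes, assoc_id 0x%08x\n",
           getsockopt_assoc_stats_fixed(ubuf, big, &out), out.assoc_id);
    return 0;
}
```

The x86 mitigation Petr mentions corresponds to the compile-time object-size check on the destination; the clamp shown here is the portable fix, since it does not depend on the architecture's copy_from_user() implementation knowing the destination size.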
