Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130701151000.GL2696@suse.de>
Date: Mon, 1 Jul 2013 17:10:00 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: information leak in AF_KEY notify messages

Hi,

found in the mainline kernel git:

commit a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887
Author: Mathias Krause <minipli@...glemail.com>
Date:   Wed Jun 26 23:52:30 2013 +0200

    af_key: fix info leaks in notify messages

    key_notify_sa_flush() and key_notify_policy_flush() miss to initialize
    the sadb_msg_reserved member of the broadcasted message and thereby
    leak 2 bytes of heap memory to listeners. Fix that.

    Signed-off-by: Mathias Krause <minipli@...glemail.com>
    Cc: Steffen Klassert <steffen.klassert@...unet.com>
    Cc: "David S. Miller" <davem@...emloft.net>
    Cc: Herbert Xu <herbert@...dor.apana.org.au>
    Signed-off-by: David S. Miller <davem@...emloft.net>

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.