Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 3 Jul 2013 18:35:33 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: Earlier AF_KEY in
	key_notify_policy_flush

On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:
> Hi,
> 
> Michal Hocko identified an earlier patch for an AF_KEY information leak,
> in nearly the same place as CVE-2013-2234.

URL:
https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
 
> Due to different time of fix and different researcher probably
> needs a new CVE.
> 
> Ciao, Marcus
> 
> commit 85dfb745ee40232876663ae206cba35f24ab2a40
> Author: Nicolas Dichtel <nicolas.dichtel@...nd.com>
> Date:   Mon Feb 18 16:24:20 2013 +0100
> 
>     af_key: initialize satype in key_notify_policy_flush()
>     
>     This field was left uninitialized. Some user daemons perform check against this
>     field.
>     
>     Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
>     Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.