Date: Tue, 9 Jul 2013 12:03:40 -0700 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Cc: Chanam Park <chanam.park@...co.kr> Subject: Linux kernel libceph NULL function pointer dereference (CVE-2013-1059) Chanam Park discovered that a crafted auth_reply message could cause a NULL function pointer dereference in the libceph auth_none handler. A remote attacker could use this flaw to cause a denial of service. If a malicious Ceph monitor sends an auth_reply message with the value of -EAGAIN in the result field, ceph_build_auth_request() will call the ceph_auth_client_ops->build_request() function pointer without checking to see if the build_request() pointer is NULL. The auth_none handler does not initialize its build_request() pointer. See http://hkpco.kr/advisory/CVE-2013-1059.txt for more information. The fix can be found in the upstream ceph-client.git tree: https://git.kernel.org/cgit/linux/kernel/git/sage/ceph-client.git/commit/?id=2cb33cac622afde897aa02d3dcd9fbba8bae839e Tyler Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.