Date: Tue, 9 Jul 2013 12:03:40 -0700
From: Tyler Hicks <>
Cc: Chanam Park <>
Subject: Linux kernel libceph NULL function pointer dereference

Chanam Park discovered that a crafted auth_reply message could cause a
NULL function pointer dereference in the libceph auth_none handler. A
remote attacker could use this flaw to cause a denial of service.

If a malicious Ceph monitor sends an auth_reply message with the value
of -EAGAIN in the result field, ceph_build_auth_request() will call the
ceph_auth_client_ops->build_request() function pointer without checking
to see if the build_request() pointer is NULL. The auth_none handler
does not initialize its build_request() pointer.

See for more information.

The fix can be found in the upstream ceph-client.git tree:


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
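The flaw class described in the message above, as an added example that is not part of the original post and not the upstream fix: a simplified user-space model of an ops table whose optional callback is left NULL, with the unchecked call beside a checked one. All struct and function names are hypothetical, and the -EINVAL return value is an assumption made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model; names are hypothetical, not the kernel's. */
struct auth_ops {
    const char *name;
    int (*handle_reply)(int result);
    int (*build_request)(char *buf, size_t len);   /* optional: may be NULL */
};

static int reply_passthrough(int result) { return result; }

static int x_build_request(char *buf, size_t len)
{
    return snprintf(buf, len, "auth-request");
}

/* Like the auth_none handler in the advisory: build_request is left unset (NULL). */
static const struct auth_ops none_ops = { .name = "none", .handle_reply = reply_passthrough };
static const struct auth_ops full_ops = { "full", reply_passthrough, x_build_request };

/* Unchecked pattern: calls through NULL when the handler lacks build_request. */
int rebuild_unchecked(const struct auth_ops *ops, int result, char *buf, size_t len)
{
    if (ops->handle_reply(result) == -EAGAIN)
        return ops->build_request(buf, len);
    return 0;
}

/* Checked pattern: a peer-supplied result can no longer reach an unset pointer. */
int rebuild_checked(const struct auth_ops *ops, int result, char *buf, size_t len)
{
    if (ops->handle_reply(result) != -EAGAIN)
        return 0;
    if (!ops->build_request)
        return -EINVAL;   /* error value chosen for this example (assumption) */
    return ops->build_request(buf, len);
}

int main(void)
{
    char buf[32];
    printf("none handler: %d\n", rebuild_checked(&none_ops, -EAGAIN, buf, sizeof buf));
    printf("full handler: %d\n", rebuild_checked(&full_ops, -EAGAIN, buf, sizeof buf));
    return 0;
}
```

When auditing similar code, check every call site of an optional callback in an ops structure, not only the one a given report names.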
