Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Dec 2015 13:15:07 -0500 (EST)
From: cve-assign@...re.org
To: meissner@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux Kernel: information leak from getsockname

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://twitter.com/grsecurity/statuses/676744240802750464
> https://lkml.org/lkml/2015/12/14/252
> http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1

(not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/net/ppp/pptp.c)

> getsockname() for some socket families did not check the length of the passed sockaddr,
> copying out more kernel memory than required, leaking information from the kernel stack,
> including kernel addresses. This can be used for KASLR bypass or other information leaks.

Use CVE-2015-8569 for both the pptp_bind issue and the pptp_connect
issue. (We don't know whether the pptp_connect issue would've been
exploitable if only the pptp_bind issue were fixed.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWcFbvAAoJEL54rhJi8gl5ipsQALG7+8zUMjL85EDHbBd6N5CC
sLcprIeZvir4u9alc/ElVojU3QYChlJumkHRB0BAxhVmUkrGbn6P0BEilbEff5vm
L5VHhBkFhNSxcJtx1cehUOQOuxyQ0phiol5JojOjXAhXwTZbhMyVCuiw7qdP3OJj
ltdLTon3a0Ctt5MPZSGCHJzDCCheUd9cVdpbzM1ynPIZPiRookaSt34SRDit8ADg
9pybsyev7KV0eanVPB1iaxej5HEu4B2KUYwzA/5Y2g1Qx51R9GpwcPqw7OKXjoMe
gu0JKbHmbVxj3oHl+GcMZaNEhsO5lRJ5qJ5ulq+MtAQ2rFpAaYlP/uFmm0A3J6Gz
r0BqKs4R2zc1fo4/aB5ieTKBeVHjj5xIXyGOhjHqyBkpVKwS7dOAoDq9jT6f6an4
Ibavbs0vk4imUOg6dfU3tvstvN++j2iEgK7OPuI68YQvu47PiaEYGm+uuZeFtASs
ZDWekpHPfHAsrUADaSx6aO8s7k1/fSzKSf+KnI3Sf9DPjiCA7mMEM5xo/epiEqZk
nMlwju5T2iChN7/q61LLnJPoilfdkpwruayM0xNs/SVmfkvKXmQt6R7ykfhLe1eu
Byg1HcyTZV5jiQOqUI2nWTuTiqTDRUKS0qjHmO7bfnA/7lzId8ilCZfyt6IwciV4
YccJUdQEqfUy1+I5unzr
=bV38
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.