Bugtraq mailing list archives

Big problem on linux 2.0

From: visi0n () AUX-TECH ORG (visi0n)
Date: Sat, 11 Dec 1999 21:11:02 +0000


        I did a little patch for kernel 2.0.38:

+++ socket.c    Thu Dec  9 21:06:51 1999
@@ -1039,7 +1039,7 @@
        register struct msghdr msg;
        register struct iovec iov;

-       if (len < 0)
+       if (len < 0 || len >= 65468)
                return -EINVAL;

        err = verify_area(VERIFY_READ, buff, len);

===============================================================================
visi0n
AUX Technologies
[www.aux-tech.org]

Current thread:

Re: Analysis of trin00, (continued)
- - - Re: Analysis of trin00 Stefan Aeschbacher (Dec 09)
    - Re: Analysis of trin00 Jacob Langseth (Dec 09)
    - ISSalert: ISS Security Advisory: Buffer Overflow in Solaris Snoop Aleph One (Dec 09)
    - Re: Analysis of trin00 Stefan Aeschbacher (Dec 09)
    - xsw 1.24 remote buffer overflow Aleph One (Dec 09)
  - Analysis of Tribe Flood Network Dave Dittrich (Dec 07)
    - Re: Analysis of Tribe Flood Network Mixter (Dec 08)
    - Re: Analysis of Tribe Flood Network Stefan Laudat (Dec 10)
    - Error in System Policies Adam Simms (Dec 10)
    - Re: Analysis of Tribe Flood Network Mixter (Dec 11)
    - Big problem on linux 2.0 visi0n (Dec 11)
    - Re: Big problem on linux 2.0 visi0n (Dec 11)
    - Re: Big problem on linux 2.0 Andrea Arcangeli (Dec 14)
    - HP-UX: Security Vulnerability in wu-ftp Aleph One (Dec 13)
- From the SCO Security Page Alfred Huger (Dec 06)
- w00giving #8] Solaris 2.7's snoop Aleph One (Dec 06)
  - Re: w00giving #8] Solaris 2.7's snoop Shane A. Macaulay (Dec 09)
  - Clarification needed on the snoop vuln(s) Alfred Huger (Dec 09)
- FTP denial of service attack Darren Reed (Dec 07)
  - Re: FTP denial of service attack Renaud Deraison (Dec 07)
    - FTP DoS - PORT and PASV effected. Darren Reed (Dec 07)

(Thread continues...)