Bugtraq mailing list archives
Re: Big problem on linux 2.0
From: andrea () SUSE DE (Andrea Arcangeli)
Date: Tue, 14 Dec 1999 23:09:36 +0100
On Sat, 11 Dec 1999, visi0n wrote:
In my last mail I'd posted a patch for kernel 2.0.38 that was made against a modified socket.c; you need this one for the original kernel (2.0.38). Sorry... @@ -966,8 +966,9 @@ struct msghdr msg; struct iovec iov; - if(len<0) + if(len < 0 || len >= 65468) return -EINVAL; + err=verify_area(VERIFY_READ,buff,len); if(err) return err;
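Review bot: the new bound `len < 0 || len >= 65468` in this hunk is applied in a single syscall wrapper, so a caller that reaches the same transmit path through another entry point (the reply below names send and sendmsg) still hands an unchecked length to ip_build_xmit; the check belongs on the shared path where the datagram length is actually computed, not in one wrapper. The constant 65468 is also a hard-coded worst case: it only corresponds to the maximum 40 bytes of IP options, so for sockets with fewer option bytes it rejects packets the stack could legitimately send. Derive the limit from the real option length at build time, and give the constant a name with a comment if it has to stay. The added `verify_area(VERIFY_READ,buff,len)` call is fine as far as the hunk shows, but its placement after the length test matters, since a negative `len` must never reach it.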
The above patch doesn't fix the bug, because you can still use the other kernel entry points send/sendmsg to feed a big payload to ip_build_xmit. Also note that you don't need to restrict the max size of a packet to 65467 bytes when the ip options are < 40 bytes. Andrea
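The two points in Andrea's reply, as an added C example that is not from this thread or from the Linux 2.0 source: a length bound that lives on the one path every entry point shares, and a limit derived from the actual IP option length instead of the fixed 65467. The functions `xmit_check`, `entry_send`, `entry_sendto`, `entry_sendmsg`, `patched_sendto_only` and `unpatched_send` are hypothetical stand-ins for the kernel paths, and the header sizes come from RFC 791 and RFC 768, not from the page.

```c
/* Added example, not code from the Bugtraq thread or the Linux kernel.
 * Shows why a length check belongs on the shared transmit path and why
 * the bound should follow the real IP option length.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* IPv4/UDP sizes from RFC 791 and RFC 768 (assumed here, not taken from the page). */
#define IP_MAX_TOTAL_LEN 65535L /* 16-bit total-length field */
#define IP_MIN_HDR_LEN   20L
#define IP_MAX_OPT_LEN   40L    /* IHL is 4 bits of 32-bit words: 60 - 20 */
#define UDP_HDR_LEN      8L

/* Largest UDP payload that fits one IPv4 datagram carrying ip_opt_len option bytes.
 * With 40 option bytes this is 65467, the figure in the thread; with none it is 65507. */
long max_udp_payload(size_t ip_opt_len)
{
    /* Options are padded to 32-bit words, so reject odd lengths and anything over 40. */
    if (ip_opt_len > IP_MAX_OPT_LEN || (ip_opt_len & 3) != 0)
        return -EINVAL;
    return IP_MAX_TOTAL_LEN - IP_MIN_HDR_LEN - (long)ip_opt_len - UDP_HDR_LEN;
}

/* Hypothetical stand-in for the common transmit path (the role ip_build_xmit plays).
 * Every entry point funnels here, so the user-controlled length is bounded exactly once. */
int xmit_check(long len, size_t ip_opt_len)
{
    long max = max_udp_payload(ip_opt_len);
    if (max < 0)
        return (int)max;
    if (len < 0 || len > max)
        return -EINVAL;
    return 0;
}

/* Hypothetical entry points mirroring send/sendto/sendmsg; none carries its own bound. */
int entry_send(long len, size_t ip_opt_len)   { return xmit_check(len, ip_opt_len); }
int entry_sendto(long len, size_t ip_opt_len) { return xmit_check(len, ip_opt_len); }

int entry_sendmsg(const long *iov_lens, int iovcnt, size_t ip_opt_len)
{
    long total = 0;
    for (int i = 0; i < iovcnt; i++) {
        if (iov_lens[i] < 0)
            return -EINVAL;
        /* Guard the sum itself so several moderate iovecs cannot wrap past the limit. */
        if (total > IP_MAX_TOTAL_LEN - iov_lens[i])
            return -EMSGSIZE;
        total += iov_lens[i];
    }
    return xmit_check(total, ip_opt_len);
}

/* For contrast: the posted 2.0.38 hunk as a wrapper-only check, and the original
 * wrapper it sat beside. The fixed 65468 and the single location are both the problem. */
int patched_sendto_only(long len) { return (len < 0 || len >= 65468) ? -EINVAL : 0; }
int unpatched_send(long len)      { return (len < 0) ? -EINVAL : 0; }

int main(void)
{
    long oversized = 70000;
    printf("wrapper-only patch: sendto=%d send=%d\n",
           patched_sendto_only(oversized), unpatched_send(oversized));
    printf("shared check:       sendto=%d send=%d\n",
           entry_sendto(oversized, 40), entry_send(oversized, 40));
    printf("max payload: 40 opt bytes=%ld, 0 opt bytes=%ld\n",
           max_udp_payload(40), max_udp_payload(0));
    return 0;
}
```

The contrast pair reproduces the defect the reply describes: `patched_sendto_only` rejects the oversized length while `unpatched_send` lets the same value through, whereas both `entry_send` and `entry_sendto` reject it because the bound is enforced in `xmit_check`. The option-aware limit means a socket with no IP options can still send the full 65507 bytes the datagram can hold.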