Bugtraq mailing list archives
Re: Linux Kernel sctp_setsockopt() Integer Overflow
From: Shaun Colley <shaunige () yahoo co uk>
Date: Mon, 31 May 2004 18:35:29 +0100 (BST)
> Because this all is debate about nothing, as the original advisory was fake, because you simply can't pass negative optlen to setsockopt() syscall, so there is nothing to be exploited.
No, the advisory was not fake. At the time, I didn't realise that -1 or any negative will not get past sys_setsockopt(). Without the sanity check in setsockopt, there would be a bad security issue, though. It's still worth upgrading, anyway. The bug exists, just not a very big possibility of exploiting.

Thank you for your time.
Shaun.
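The layering discussed in this message, as an added user-space C model that is not part of the original post and is not kernel code: the entry point rejects a negative optlen before any protocol handler runs, which is why a handler that omits its own check is not reachable with -1. The function names, the `optlen + 1` size computation and `MODEL_OPT_MAX` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical upper bound on option length, chosen for this model only. */
#define MODEL_OPT_MAX 4096

typedef long (*opt_handler)(int optlen);

/* Handler that trusts its caller. It returns the number of bytes it would
 * allocate. The "+ 1" is an assumed size computation: with optlen == -1 the
 * unsigned arithmetic wraps to 0, so the buffer is far smaller than the
 * length later used for the copy. */
static long handler_trusting(int optlen)
{
    unsigned int size = (unsigned int)optlen + 1u;
    return (long)size;
}

/* Hardened handler: validates the length itself instead of relying on the
 * caller, so it stays safe if it is ever reached by another path. */
static long handler_checked(int optlen)
{
    if (optlen < 0 || optlen > MODEL_OPT_MAX)
        return -EINVAL;
    return (long)optlen + 1;
}

/* Model of the syscall entry point's sanity check: a negative length is
 * rejected with -EINVAL before the protocol handler is called. */
static long model_sys_setsockopt(int optlen, opt_handler handler)
{
    if (optlen < 0)
        return -EINVAL;
    return handler(optlen);
}

int main(void)
{
    printf("handler alone, optlen=-1   : size %ld\n", handler_trusting(-1));
    printf("via entry check, optlen=-1 : %ld\n",
           model_sys_setsockopt(-1, handler_trusting));
    printf("via entry check, optlen=16 : size %ld\n",
           model_sys_setsockopt(16, handler_trusting));
    printf("hardened handler, optlen=-1: %ld\n", handler_checked(-1));
    return 0;
}
```
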