Bugtraq mailing list archives
Re: Linux Kernel sctp_setsockopt() Integer Overflow
From: Shaun Colley <shaunige () yahoo co uk>
Date: Mon, 31 May 2004 18:35:29 +0100 (BST)
> Because this all is debate about nothing, as the original advisory was fake, because you simply can't pass negative optlen to setsockopt() syscall, so there is nothing to be exploited.
No, the advisory was not fake. At the time, I didn't
realise that -1 or any negative will not get past
sys_setsockopt(). Without the sanity check in
setsockopt, there would be a bad security issue,
though. It's still worth upgrading, anyway. The bug
exists, just not a very big possibility of exploiting.
Thank you for your time.
Shaun.
