oss-sec mailing list archives
Re: CVE request: kernel: tty: release_one_tty() forgets to put pids
From: Josh Bressers <bressers () redhat com>
Date: Thu, 15 Apr 2010 20:09:50 -0400 (EDT)
Please use CVE-2010-1162 for this.
Thanks
--
JB
----- "Eugene Teo" <eugene () redhat com> wrote:
On 04/15/2010 08:37 AM, Eugene Teo wrote:On 04/15/2010 08:23 AM, Michael Gilbert wrote:On Wed, 14 Apr 2010 11:20:00 +0800 Eugene Teo wrote:2) tty: release_one_tty() forgets to put pids https://bugzilla.redhat.com/show_bug.cgi?id=582076http://git.kernel.org/linus/6da8d866d0d39e9509ff826660f6a86a6757c966Not sure this issue can be triggered by a non-privileged user.this one should get a CVE id i think. looking at only two datapoints(2.6.26 and 2.6.32), i've found the vulnerable code present inboth.if i'm not mistaken, redhat has had supported releases in thatrange.Was discussing this with another colleague, that it seems possibletotrigger this issue with a non-privileged user. And yes, I agreethatthis should have a CVE name assigned. Thanks.pgrp member in struct tty_struct was converted to struct pid in commit ab521dc0, so kernels of version v2.6.26-rc1 and above are affected by this. Eugene
Current thread:
- Couple of kernel issues Eugene Teo (Apr 13)
- Re: Couple of kernel issues Michael Gilbert (Apr 14)
- CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 14)
- Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 14)
- Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Josh Bressers (Apr 15)
- Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eren Türkay (Apr 26)
- Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 27)
- CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 14)
- Re: Couple of kernel issues Michael Gilbert (Apr 14)