oss-sec mailing list archives

Re: CVE request: kernel stack infoleaks


From: Josh Bressers <bressers () redhat com>
Date: Thu, 4 Nov 2010 07:16:11 -0400 (EDT)

----- "Jon Oberheide" <jon () oberheide org> wrote:

Vasiliy Kulikov discovered three kernel stack infoleaks in various
packet families of the net subsystem:

===========================================================

net/ax25

Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct.  This structure is then copied to userland.  It
leads to leaking of contents of kernel stack memory.  We have to
initialize them to zero.

http://marc.info/?l=linux-netdev&m=128854507120898&w=2


Use CVE-2010-3875 for this one.


===========================================================

net/packet

packet_getname_spkt() doesn't initialize all members of sa_data field of
sockaddr struct if strlen(dev->name) < 13.  This structure is then copied
to userland.  It leads to leaking of contents of kernel stack memory.  We
have to fully fill sa_data with strncpy() instead of strlcpy().

http://marc.info/?l=linux-netdev&m=128854507220908&w=2


CVE-2010-3876


===========================================================

net/tipc

Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" uninitialized.  It leads to leaking of
contents of kernel stack memory.  We have to initialize them to zero.

http://marc.info/?l=linux-netdev&m=128854507420917&w=2


CVE-2010-3877

Thanks.

-- 
    JB
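The three reports above share one shape: a struct lives on the kernel stack, only part of it is written, and the whole object is then copied to userland, so whatever the stack held before travels with it. The following is an added userspace model of that shape and of the two fixes the thread names (strncpy so the rest of sa_data is NUL-padded; memset to zero before filling a struct that has padding). It is not kernel code and not from the thread: struct fake_sockaddr, struct fake_padded_addr, the 0xAA "stale" marker and the my_strlcpy helper are all constructed here, and the stale stack contents are simulated by pre-filling the object before the routine runs.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr: 2-byte family + 14 data bytes. */
struct fake_sockaddr {
    unsigned short sa_family;
    char sa_data[14];
};

/* Constructed stand-in for an address struct with interior padding. On the
 * usual ABIs 'id' is 8-byte aligned, leaving 7 padding bytes after 'type'. */
struct fake_padded_addr {
    unsigned char type;
    unsigned long long id;
};

#define STALE 0xAA /* constructed marker standing in for leftover stack data */

/* strlcpy-like helper (assumption: strlcpy is not on every libc). Copies at
 * most size-1 bytes, NUL-terminates, and does not touch the rest of dst. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Vulnerable shape (net/packet): bytes after the name's NUL keep whatever
 * the stack held before the call. */
void spkt_getname_vulnerable(struct fake_sockaddr *sa, const char *devname)
{
    sa->sa_family = 17; /* AF_PACKET, as a plain constant here */
    my_strlcpy(sa->sa_data, devname, sizeof(sa->sa_data));
}

/* Fixed shape: strncpy pads the remainder of sa_data with NULs. */
void spkt_getname_fixed(struct fake_sockaddr *sa, const char *devname)
{
    sa->sa_family = 17;
    strncpy(sa->sa_data, devname, sizeof(sa->sa_data));
}

/* Vulnerable shape (net/tipc, net/ax25): every member is assigned, but
 * member stores never touch the padding bytes. */
void padded_fill_vulnerable(struct fake_padded_addr *a, unsigned long long id)
{
    a->type = 1;
    a->id = id;
}

/* Fixed shape: zero the whole object first, then assign members. */
void padded_fill_fixed(struct fake_padded_addr *a, unsigned long long id)
{
    memset(a, 0, sizeof(*a));
    a->type = 1;
    a->id = id;
}

/* Count bytes in [from, to) of an object that still carry the stale marker. */
static int stale_in_range(const void *obj, size_t from, size_t to)
{
    const unsigned char *p = obj;
    int n = 0;
    for (size_t i = from; i < to; i++)
        if (p[i] == STALE) n++;
    return n;
}

/* Pretend an earlier call left the stack slot full of STALE, run the
 * routine, and report how many stale bytes would be copied to userland. */
int spkt_stale_bytes(void (*getname)(struct fake_sockaddr *, const char *),
                     const char *devname)
{
    struct fake_sockaddr sa;
    memset(&sa, STALE, sizeof(sa));
    getname(&sa, devname);
    return stale_in_range(&sa, offsetof(struct fake_sockaddr, sa_data), sizeof(sa));
}

int padded_stale_bytes(void (*fill)(struct fake_padded_addr *, unsigned long long))
{
    struct fake_padded_addr a;
    memset(&a, STALE, sizeof(a));
    fill(&a, 0x1234);
    /* only the padding between 'type' and 'id' can remain stale */
    return stale_in_range(&a, sizeof(a.type), offsetof(struct fake_padded_addr, id));
}
```

With a short device name such as "eth0", the strlcpy variant leaves nine of the fourteen sa_data bytes untouched, while a thirteen-character name leaves none, which is exactly the strlen(dev->name) < 13 condition from the net/packet report; the strncpy variant leaves none in either case. For the padded struct, assigning every member still leaves the padding stale, and only the memset variant reaches userland clean, which is why "initialize them to zero" is the fix in the ax25 and tipc cases even though no member is forgotten.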

