[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Linux Kernel sctp_setsockopt() Integer Overflow
From:       Shaun Colley <shaunige () yahoo ! co ! uk>
Date:       2004-05-31 17:35:29
Message-ID: 20040531173529.35242.qmail () web25109 ! mail ! ukl ! yahoo ! com
[Download RAW message or body]

> Because this all is debate about nothing, as the
> original advisory was 
> fake, because you simply can't pass negative optlen
> to setsockopt() 
> syscall, so there is nothing to be exploited.

No, the advisory was not fake.  At the time, I didn't
realise that -1 or any negative will not get past
sys_setsockopt().  Without the sanity check in
setsockopt, there would be a bad security issue,
though.  It's still worth upgrading, anyway.  The bug
exists, just not a very big possibility of exploiting.



Thank you for your time.
Shaun.


	
	
		
____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html
[prev in list] [next in list] [prev in thread] [next in thread]