List: oss-security
Subject: Re: [oss-security] CVE request - kernel: information leak in sigaltstack
From: Solar Designer <solar () openwall ! com>
Date: 2009-08-26 4:07:51
Message-ID: 20090826040751.GA20809 () openwall ! com
Steve,

On Tue, Aug 18, 2009 at 04:54:43PM -0400, Steven M. Christey wrote:
> On Tue, 4 Aug 2009, Eugene Teo wrote:
>
> > do_sigaltstack: avoid copying 'stack_t' as a structure to user space
>
>
> ======================================================
> Name: CVE-2009-2847
[...]
> The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6
> before 2.6.31-rc5, when running on 64-bit systems, does not clear
> certain padding bytes from a structure, which allows local users to
> obtain sensitive information from the kernel stack via the sigaltstack
> function.

As far as I'm aware, this also affects 2.4 (I did not actively test for
it, but the vulnerable code is there). I've included a fix for it in
2.4.37.5-ow1, and I expect that Willy will fix it in his next release
(likely 2.4.37.6).

Alexander
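
The padding behaviour described in the quoted CVE text, as an added user-space illustration that is not part of the original message and is not kernel code: it compares copying a struct out as one blob with copying it member by member, the approach the quoted commit title names. `struct demo_stack`, the 0xAA marker standing in for stale kernel stack contents, and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with the same member order as stack_t. */
struct demo_stack { void *ss_sp; int ss_flags; size_t ss_size; };
#define SZ     sizeof(struct demo_stack)
#define OFF(m) offsetof(struct demo_stack, m)
#define STALE  0xAA  /* constructed marker for leftover stack bytes */

/* Bytes of the struct that belong to no member (4 on typical 64-bit ABIs). */
size_t padding_bytes(void) {
    return SZ - (sizeof(void *) + sizeof(int) + sizeof(size_t));
}

/* Model an uninitialised on-stack struct: stale bytes first, then members set. */
static void build_on_stack(unsigned char *k) {
    void *sp = NULL; int flags = 2; size_t size = 0;
    memset(k, STALE, SZ);
    memcpy(k + OFF(ss_sp), &sp, sizeof sp);
    memcpy(k + OFF(ss_flags), &flags, sizeof flags);
    memcpy(k + OFF(ss_size), &size, sizeof size);
}

static size_t count_stale(const unsigned char *u) {
    size_t n = 0;
    for (size_t i = 0; i < SZ; i++) n += (u[i] == STALE);
    return n;
}

/* Copy out as one blob (per_member == 0) or member by member (per_member != 0). */
size_t stale_bytes_disclosed(int per_member) {
    unsigned char k[SZ], u[SZ];
    build_on_stack(k);
    memset(u, 0, SZ);                 /* destination buffer owned by the caller */
    if (!per_member) {
        memcpy(u, k, SZ);             /* padding travels along with the members */
    } else {
        memcpy(u + OFF(ss_sp), k + OFF(ss_sp), sizeof(void *));
        memcpy(u + OFF(ss_flags), k + OFF(ss_flags), sizeof(int));
        memcpy(u + OFF(ss_size), k + OFF(ss_size), sizeof(size_t));
    }
    return count_stale(u);
}

int main(void) {
    printf("padding=%zu blob=%zu per-member=%zu\n", padding_bytes(),
           stale_bytes_disclosed(0), stale_bytes_disclosed(1));
    return 0;
}
```

On a 32-bit ABI where all three members are 4 bytes wide the struct has no padding, which matches the CVE text's restriction to 64-bit systems.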