[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: kernel: AF_LLC getsockname 5-Byte
From: Eugene Teo <eugeneteo () kernel ! sg>
Date: 2009-08-27 6:06:16
Message-ID: 4A962258.9040201 () kernel ! sg
[Download RAW message or body]
Eugene Teo wrote:
> Eugene Teo wrote:
>> sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc
>> before copying to the above layer's structure.
>>
>> Note that LLC sockets are restricted to root since v2.6.25-rc9 (see
>> commit 3480c63b).
>>
>> Upstream commit:
>> http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
>>
>> Reproducer:
>> http://jon.oberheide.org/files/llc-getsockname-leak.c
>>
>> Reference:
>> https://bugzilla.redhat.com/show_bug.cgi?id=519305
>
> There are some more fixes that addressed similar infoleaks:
>
> e84b90ae5eb3c112d1f208964df1d8156a538289
> can: Fix raw_getname() leak
> 09384dfc76e526c3993c09c42e016372dc9dd22c
> irda: Fix irda_getname() leak
> 3d392475c873c10c10d6d96b94d092a34ebd4791
> appletalk: fix atalk_getname() leak
> f6b97b29513950bfbf621a83d85b6f86b39ec8db
> netrom: Fix nr_getname() leak
> 80922bbb12a105f858a8f0abb879cb4302d0ecaa
> econet: Fix econet_getname() leak
> 17ac2e9c58b69a1e25460a568eae1b0dc0188c25
> rose: Fix rose_getname() leak
>
> It would make sense to address these with the same CVE name as this one.
I summarised it here. Hope it is useful to some:
https://bugzilla.redhat.com/show_bug.cgi?id=519305#c0
Thanks, Eugene
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic