[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: kernel: taskstats/procfs io
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-06-28 20:22:40
Message-ID: 706988880.998704.1309292560379.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
>
> It can be used to learn ssh and ftp password length. If privsep is
> enabled in openssh and vsftpd, the unprivileged process' activity very
> precisely shows password information.
>
> For vsftpd read characters count is strlen("USER username\r\n") +
> strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe
> related to a privileged parent. If measure statistics between user and
> passwords commands, actual password length and username length can be
> gathered.
>
> For ssh, vice versa, networking activity is constant in packets length,
> but interprocess communications, specifically passwords, depend on user
> input.
>
> For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars -
> CONST.
>
> Another daemons with more or less constant io activity might be
> vulnerable too. PAM greatly complicates precise measurements.
>
>
> I think it needs 2 CVE, one for /proc/PID/io and another for
> taskstats.
>
> https://lkml.org/lkml/2011/6/24/88
>
I can't find a nice description of both issues. Can you give me one or two
sentence explanations with a few references for the CVE database?
Once I have those I'll give it two IDs.
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic