
List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: taskstats/procfs io
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-06-28 20:22:40
Message-ID: 706988880.998704.1309292560379.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

----- Original Message -----
> 
> It can be used to learn ssh and ftp password length. If privsep is
> enabled in openssh and vsftpd, the unprivileged process' activity very
> precisely shows password information.
> 
> For vsftpd, the read character count is strlen("USER username\r\n") +
> strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe
> related to a privileged parent. If statistics are measured between the
> user and password commands, the actual password length and username
> length can be gathered.
> 
> For ssh, vice versa, networking activity is constant in packet length,
> but interprocess communications, specifically passwords, depend on user
> input.
> 
> For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars -
> CONST.
> 
> Other daemons with more or less constant io activity might be
> vulnerable too. PAM greatly complicates precise measurements.
> 
> 
> I think it needs 2 CVEs, one for /proc/PID/io and another for
> taskstats.
> 
> https://lkml.org/lkml/2011/6/24/88
> 

I can't find a nice description of both issues. Can you give me one or two
sentence explanations with a few references for the CVE database?

Once I have those I'll give it two IDs.

Thanks.

-- 
    JB
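
Added example, not part of the original thread: a defender-side audit that lists processes owned by other users whose /proc/PID/io file is still group- or world-readable, and which of the rchar/wchar counters discussed above it exposes. It assumes a restricted kernel presents the io file without group/other read bits; the `proc_root` and `my_uid` parameters are hypothetical hooks so the check can also run against a constructed directory tree.

```python
import os
import stat

def parse_io(text):
    """Parse the 'key: value' lines of a /proc/PID/io file into a dict of ints."""
    counters = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip().isdigit():
            counters[key.strip()] = int(value)
    return counters

def audit_io_exposure(proc_root="/proc", my_uid=None):
    """Report other users' processes whose io counters are group/world-readable."""
    my_uid = os.getuid() if my_uid is None else my_uid
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "self"
        io_path = os.path.join(proc_root, entry, "io")
        try:
            st = os.stat(io_path)
        except OSError:
            continue  # process exited, or io accounting is not built in
        if st.st_uid == my_uid:
            continue  # reading one's own counters is expected
        if not st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            continue  # assumption: restricted kernels drop these bits
        try:
            with open(io_path) as fh:
                counters = parse_io(fh.read())
        except OSError:
            counters = {}  # mode looks open but the read itself was refused
        findings.append({
            "pid": int(entry),
            "uid": st.st_uid,
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "leaked": sorted(k for k in counters if k in ("rchar", "wchar")),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_io_exposure():
        print(finding)
```

An empty result when run as an unprivileged user means no other user's io counters are exposed through procfs; taskstats is a separate interface and is not covered by this check.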