
List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: taskstats/procfs io infoleak
From:       Eugene Teo <eugeneteo () kernel ! org>
Date:       2011-06-29 6:00:08
Message-ID: 4E0ABF68.6070906 () kernel ! org

On 06/29/2011 04:22 AM, Josh Bressers wrote:
> ----- Original Message -----
>>
>> It can be used to learn ssh and ftp password length. If privsep is
>> enabled in openssh and vsftpd, the unprivileged process' activity very
>> precisely shows password information.
>>
>> For vsftpd, the read characters count is strlen("USER username\r\n") +
>> strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe
>> related to a privileged parent. If one measures statistics between the
>> user and password commands, actual password length and username length
>> can be gathered.
>>
>> For ssh, vice versa, networking activity is constant in packet length,
>> but interprocess communications, specifically passwords, depend on user
>> input.
>>
>> For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars -
>> CONST.
>>
>> Other daemons with more or less constant io activity might be
>> vulnerable too. PAM greatly complicates precise measurements.
>>
>>
>> I think it needs 2 CVEs, one for /proc/PID/io and another for
>> taskstats.
>>
>> https://lkml.org/lkml/2011/6/24/88
>>
> 
> I can't find a nice description of both issues. Can you give me one or two
> sentence explanations with a few references for the CVE database?
> 
> Once I have those I'll give it two IDs.

I have assigned the CVE names for these two issues.

Thanks, Eugene
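
The following audit script is an added example, not part of the original thread or of any kernel patch. It checks a host for the /proc/PID/io exposure discussed above (taskstats is not covered). It assumes that a kernel restricting the file exposes it as owner-readable only (mode 0400); the function names and the `proc_root` and `my_uid` parameters are hypothetical.

```python
#!/usr/bin/env python3
"""Audit /proc/<pid>/io exposure (added example; assumes Linux procfs)."""
import os
import stat
import sys


def _pids(proc_root):
    return sorted(int(n) for n in os.listdir(proc_root) if n.isdigit())


def lax_io_modes(proc_root="/proc"):
    """Return {pid: mode} where <pid>/io is group- or world-readable."""
    lax = {}
    for pid in _pids(proc_root):
        try:
            st = os.stat(os.path.join(proc_root, str(pid), "io"))
        except OSError:  # process exited, or no I/O accounting in this kernel
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            lax[pid] = mode
    return lax


def foreign_io_readable(proc_root="/proc", my_uid=None):
    """Return pids owned by other uids whose io counters we can actually read."""
    my_uid = os.geteuid() if my_uid is None else my_uid
    readable = []
    for pid in _pids(proc_root):
        path = os.path.join(proc_root, str(pid), "io")
        try:
            if os.stat(path).st_uid == my_uid:
                continue  # our own process: reading it leaks nothing new
            with open(path) as fh:
                fh.read()  # the kernel may deny at open() or at read()
        except OSError:
            continue
        readable.append(pid)
    return readable


if __name__ == "__main__":
    lax, leaked = lax_io_modes(), foreign_io_readable()
    print(f"io files readable by group/other: {len(lax)}")
    print(f"other users' io counters readable as uid {os.geteuid()}: {leaked}")
    # Root can always read them, so only fail the audit for unprivileged runs.
    sys.exit(1 if (lax or (leaked and os.geteuid() != 0)) else 0)
```

Run it as an unprivileged account; a non-zero exit status means other users' I/O counters are exposed to that account.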