List:       oss-security
Subject:    Re: [oss-security] CVE request: Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_name
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-12-31 7:42:32
Message-ID: 52C27568.8030100 () redhat ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/31/2013 12:06 AM, P J P wrote:
> Hello,
> 
> Linux kernel built with the networking support (CONFIG_NET) is
> vulnerable to an information leakage flaw in the socket layer. It
> could occur while doing recvmsg(2), recvfrom(2) socket calls. It
> occurs due to improperly initialised msg_name & msg_namelen message
> header parameters.
> 
> A user/program could use this flaw to leak information from kernel 
> memory bytes.
> 
> Upstream fix:
> -------------
>   -> https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
>
> Reference:
> ----------
>   -> https://bugzilla.redhat.com/show_bug.cgi?id=1039845
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team

Please use CVE-2013-6463 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----