List: oss-security
Subject: [oss-security] CVE REJECT request: CVE-2013-4588
From: P J P <ppandit () redhat ! com>
Date: 2014-01-29 15:33:00
Message-ID: alpine.LFD.2.10.1401292034410.25782 () wniryva ! cad ! erqung ! pbz
Hello,
CVE-2013-4588 was assigned to a stack overflow flaw in the Linux kernel.
-> http://seclists.org/fulldisclosure/2013/Nov/77
===
Kernel: net: ipvs: stack buffer overflow
A Linux kernel built with IP Virtual Server (CONFIG_IP_VS) support is
vulnerable to a buffer overflow flaw. It could occur while setting or
retrieving socket options via setsockopt(2) or getsockopt(2) calls.
However, a user needs to have CAP_NET_ADMIN privileges to perform these IP_VS
operations.
Upstream fix:
-------------
-> https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
===
The bounds checks added by the above patch are found to be redundant, as the
same is done in the routine 'nf_sockopt_find'. [1]
+ if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
+ return -EINVAL;
+ if (len < 0 || len > MAX_ARG_LEN)
+ return -EINVAL;
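
Review bot: The len test on the third quoted line only caps len at the single constant MAX_ARG_LEN, so a length that is under that cap but wrong for the particular cmd still passes these lines; consider comparing len against the size expected for the command, or add a comment pointing to where that comparison is made. The cmd range test on the first line repeats, per the message above, what 'nf_sockopt_find' already enforces, so if it is kept as a defensive check a short comment saying so would stop it being read as the primary guard.
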
[1] https://lkml.org/lkml/2009/9/30/265
That makes it a security non-issue. Please kindly reject this CVE.
Thank you.
--
Prasad J Pandit / Red Hat Security Response Team