Full Disclosure mailing list archives

Re: nullpointer fix question

From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Fri, 14 Aug 2009 17:57:50 +0200

maxigas <maxigas () anargeek net> wrote:

hi!

Should this fix work against the nullpointer linux kernel vulnerability?


It looks incomplete, I don't see PF_ISDN or PF_IUCV, for example.

But this general approach looks fine, and is actually what Red Hat have
reccommended to their customers.

https://bugzilla.redhat.com/show_bug.cgi?id=516949#c10

Obviously if you don't use redhat, you should check what else your
distribution provides.

Should it break any services on a usual LAMP machine?


If you know you don't need PF_INET6, then it should be fine. You would most
likely know if you needed the others.

Thanks, Tavis.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

nullpointer fix question maxigas (Aug 14)
- Re: nullpointer fix question Tavis Ormandy (Aug 14)