oss-sec mailing list archives
Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC)
From: Josh Bressers <bressers () redhat com>
Date: Tue, 28 Jun 2011 16:22:40 -0400 (EDT)
----- Original Message -----
It can be used to learn ssh and ftp password length. If privsep is enabled in openssh and vsftpd, the unprivileged process' activity very precisely shows password information.

For vsftpd, the read character count is strlen("USER username\r\n") + strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe related to a privileged parent. If one measures the statistics between the user and password commands, the actual password length and username length can be gathered. For ssh, vice versa, networking activity is constant in packet length, but interprocess communications, specifically passwords, depend on user input.

For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars - CONST.

Other daemons with more or less constant io activity might be vulnerable too. PAM greatly complicates precise measurements.

I think it needs 2 CVEs, one for /proc/PID/io and another for taskstats.

https://lkml.org/lkml/2011/6/24/88

I can't find a nice description of both issues. Can you give me one or two sentence explanations with a few references for the CVE database? Once I have those I'll give it two IDs.

Thanks.

--
JB
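An added example, not part of the original thread: a check to run from an unprivileged account to see whether the /proc/PID/io counters discussed in the quoted message are readable for processes owned by other users. It covers procfs only, not taskstats; the function names are this example's own, and `rchar`/`wchar` are the procfs field names for the counters the message calls rchars and wchars.

```python
import os

# procfs names of the counters the quoted message calls rchars/wchars
LEAKY_FIELDS = ("rchar", "wchar")


def readable_counters(io_path):
    """Return the LEAKY_FIELDS present in io_path, or [] if it cannot be read."""
    try:
        with open(io_path) as f:
            keys = {line.split(":", 1)[0].strip() for line in f}
    except OSError:
        # Access denied on open or read, or the process has already exited.
        return []
    return [k for k in LEAKY_FIELDS if k in keys]


def foreign_io_exposure(proc_root="/proc", my_uid=None):
    """List (pid, owner_uid, counters) for processes owned by another uid
    whose io counters the calling process is able to read."""
    if my_uid is None:
        my_uid = os.geteuid()
    exposed = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        pid_dir = os.path.join(proc_root, name)
        try:
            owner = os.stat(pid_dir).st_uid
        except OSError:
            continue  # process exited between listdir() and stat()
        if owner == my_uid:
            continue  # reading one's own counters is not a leak
        counters = readable_counters(os.path.join(pid_dir, "io"))
        if counters:
            exposed.append((int(name), owner, counters))
    return sorted(exposed)


if __name__ == "__main__":
    # Run as an ordinary user: root can read every process's counters.
    findings = foreign_io_exposure()
    for pid, owner, counters in findings:
        print(f"pid {pid} (uid {owner}): {', '.join(counters)} readable")
    print(f"{len(findings)} foreign process(es) expose io counters")
```

An empty result from an unprivileged account means other users' io counters are not readable through procfs on that host.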