oss-sec mailing list archives
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From: Solar Designer <solar () openwall com>
Date: Tue, 26 Feb 2013 00:10:23 +0400
On Mon, Feb 25, 2013 at 07:45:01PM +0100, Mathias Krause wrote:
Did you even try to run the exploit on a v3.2 kernel? Or even more simple, looked at the code of a v3.2 kernel?
No. I think my role in this discussion is to bring up the right questions and have you answer them, for others to have those answers. I hope you don't mind. :-) Personally, I don't care about this specific bug much (not relevant), but I do care about handling of Linux kernel bugs in general. While we're at it, I notice that lately many of us use "kernel" in the Subject to refer to the Linux kernel. I wonder if this little detail makes this mailing list a little less comfortable for non-Linux folks. Maybe we should put "Linux" or "Linux kernel" into the Subject on those occasions, not to discourage non-Linux discussions in here.
There is no sock_diag anywhere in the kernel; there is only inet_diag. And inet_diag hadn't and still does not have the out-of-bounds access issue. So no, this bug is non-existent on a v3.2 kernel.
Thanks! Alexander
Current thread:
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[], (continued)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Jason A. Donenfeld (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Dan Rosenberg (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Mathias Krause (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)
- Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] Solar Designer (Feb 25)