oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 27 Feb 2013 18:46:51 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/27/2013 04:24 PM, Jason A. Donenfeld wrote:
On Thu, Feb 28, 2013 at 12:07 AM, Greg KH <greg () kroah com> wrote:Really? Ok then, please go ahead and try doing this yourself if you feel it is so "obvious" to do.I did yesterday, actually. I saw some commit that said "use after free!", saw that it was triggerable by an unpriv'd user, and sent it into the list. Kurt took a look at it, agreed with the assessment, and assigned a CVE. The commit itself said "use after free" -- I didn't even have to do any heavy lifting or hair-splitting investigation.
No I didn't. This is why I require good quality requests, anything else is a waste of my time. If it doesn't meet an easy "definitely a security bug" I push it back to people and keep poking them with annoying questions, in some cases this takes weeks or months to be resolved (some are quite subtle, like that IPv6 Kernel stuff). I assigned 1600-2000 CVEs last year, it will be more this year. At one hour per CVE that would be a full years work right there. Even at 1-5 minutes per CVE it's still a huge time sink. The Kernel people are working with roughly an order or two magnitude more bug reports to assess (because even trivial looking things can turn out to have nasty consequences or even represent entirely new classes of flaws, just look at the recent Ruby stuff or XML stuff).
Nope, we are dumb, we do uninteresting, boring work, dealing with broken hardware and demanding users every day. If we were smarter, we wouldn't be doing this type of thing.Come on...
This also goes for security people. If we had any sense we'd go live in the woods in a cabin and drink moonshine and go hunting. I'm still assigning CVE's for /tmp file vulns. That's just inexcusably stupid. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRLrcLAAoJEBYNRVNeJnmTzlwP/3RD6L9k60EmE43kt/NMQK8N sbG3eKCuDug7Z81FS5qMsu6tNSFSvSPF1zkt1XtYFoaPPAiSCJ5iJWtsZHiBpMcQ UG4fbtkZIwbmaijSB455hGRryKC8XhnTy9kjOj+VLiHenjOYYDLGEjJm+stsN6t9 K2uacEKWugzHVPXSoexjRyIS7lai8f04FifMHav/N9ZG8tlbsNA6zr2mx9QDgAfO B+Hmy0mjFXcY9zzyUPlLUOfIQzAxv8DzYF7tUY1Nybttno+ul85OQNSsShJHH10E M34/tLIaMorku/oB00H9hveEi1zgOcVotVIk6tJ/qCnBffOHZ0MWEFYte3ou98D2 yjjjd6nDcu2LAK7cTlbV306oA9F69cWQJ8wWd019Fvmln51z7OCX3fOmjKzz3F4z BmVeBtd0XK65BpHXwU/EewWklTcoATzkr0dZdBupB50PEejF4cDOTgN+g/z4FWjj GKeu06LwlSZcyeQ55S8DLwEK1K8ZvbZhRCwFHISjX7W7G1yWarUZ2jZV333Spv4O 81s3t5haDASbLmNNclZayxhs0wTqGEFRDrFCu4r/hKUvcdTuvFgcBDoMJP6jZC+A 8FnCbVnE4kt1buIhbXWj/YwhpbguhCKebwCtAT135jONn8gs085VhUaGaOoc0vnS PN5pIr8yoEf2QuGt+3UI =H3sd -----END PGP SIGNATURE-----
Current thread:
- Re: handling of Linux kernel vulnerabilities, (continued)
- Re: handling of Linux kernel vulnerabilities Noel Butler (Mar 05)
- Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
- Re: handling of Linux kernel vulnerabilities Alton Moore (Mar 05)
- Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)
- Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)