oss-sec mailing list archives
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper
From: cve-assign () mitre org
Date: Tue, 28 Jan 2014 15:14:39 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Linux kernel built with the NetFilter Connection Tracking(NF_CONNTRACK) support for IRC protocol(NF_NAT_IRC), is vulnerable to an information leakage flaw. It could occur when communicating over direct client-to-client IRC connection(/dcc) via a NAT-ed network. Kernel attempts to mangle IRC TCP packet's content, wherein an uninitialised 'buffer' object is copied to a socket buffer and sent over to the other end of a connection. https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886 https://bugzilla.redhat.com/show_bug.cgi?id=1058748
Use CVE-2014-1690. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJS6A6QAAoJEKllVAevmvms8oUIAIue3EnbDUNmDojuAhfS2G8W ar7B6BknStwQo6VggXIwqrmFyLbf8aykupuAXTusCE3fIbR5Mz2l1GVF1jbJRjfT HRvG40HPTyI+AXWRoAiCHP9DdsN4Q55CV+HDd/8zUDllRVWjZQ3B+1lP6HK+X9yp j8Jlqvmdz1sac9F01/OhfvCJlwzajGNEn1gZMHMzNao0+QpEBhIoqbAIuNdwn44Z tWTe2Y/rXhayjY5QHzxbn+umC+rHDppJzuqstjzva0Dr6RAYAD+tWif1d/qGfwty 8boM7M/doelpKjR6FSPJUXYzH1bHybAbtj6ho6jnwK5hgqrgmnu+l3ojlOjLUoQ= =C1pO -----END PGP SIGNATURE-----
Current thread:
- CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper P J P (Jan 28)
- Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper cve-assign (Jan 28)
- Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper Kurt Seifried (Jan 28)