oss-sec mailing list archives
Re: http://www.securityfocus.com/bid/33672/info kernel issue
From: Marcus Meissner <meissner () suse de>
Date: Thu, 12 Feb 2009 21:22:59 +0100
On Thu, Feb 12, 2009 at 08:05:27PM +0000, Mark J Cox wrote:
http://www.securityfocus.com/bid/33672/ seems to be this commit: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.28.y.git;a=commit;h=8255fc826e58c0a59711029e01db9fcdc06ba211 Not sure if its exploitable though.BTW that BID list of affected kernels isn't correct; the multibyte stuff wasn't in <=2.6.18 at least. I didn't check exactly where since it doesn't affect RHEL and didn't look into the issue any further -- but on first glance it seemed like you'd have to be a console user and display/select some carefully chosen characters in order to do the overflow; so it's probably a 'local attacker at keyboard' flaw?
We backported Unicode stuff to SLES 10 I just see, but yes, 2.6.18 then. Yes, console user only. And you can overflow 2 bytes over the end of kmalloced space, not sure how much you can do with this. ciao, Marcus
Current thread:
- http://www.securityfocus.com/bid/33672/info kernel issue Marcus Meissner (Feb 12)
- Re: http://www.securityfocus.com/bid/33672/info kernel issue Mark J Cox (Feb 12)
- Re: http://www.securityfocus.com/bid/33672/info kernel issue Marcus Meissner (Feb 12)
- Re: http://www.securityfocus.com/bid/33672/info kernel issue Mark J Cox (Feb 12)