oss-sec mailing list archives
Re: CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL
From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 15:23:22 -0400 (EDT)
Please use CVE-2010-2478 Thanks. -- JB ----- "Eugene Teo" <eugeneteo () kernel sg> wrote:
On 06/29/2010 11:53 PM, akuster wrote:Eugene, Thanks for the info. Unfortunately it does affect a few MontaVista kernels. Is it possible to get a CVE for this?I edited the $SUBJECT :) EugeneOn 06/28/2010 04:10 PM, Eugene Teo wrote:FYI, "On a 32-bit machine, info.rule_cnt>= 0x40000000 leads tointegeroverflow and the buffer may be smaller than needed. Since ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be usedfor atleast denial of service." This was introduced in v2.6.27-rc1 via upstream commit 0853ad66. Also see commit 59089d8d. Reference: http://thread.gmane.org/gmane.linux.network/164869 https://bugzilla.redhat.com/show_bug.cgi?id=608950 I'm not requesting a CVE name for this as it did not affect any ofourRed Hat supported Linux kernels. Thanks, Eugene-- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 28)
- Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL akuster (Jun 29)
- CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 29)
- Re: CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Josh Bressers (Jun 30)
- CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 29)
- Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL akuster (Jun 29)