oss-sec mailing list archives
CVE request: kernel: CAN information leak
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Wed, 3 Nov 2010 18:19:56 -0400
The CAN protocol uses the address of a kernel heap object as a proc filename, revealing information that could be useful during exploitation. The below post also mentions a heap overflow. While there is a semantic overflow (17 bytes being copied into a 9-byte buffer), in reality, the object whose member is being overflowed resides in a kernel heap slab cache that includes enough padding that there is no possible corruption. So, it's a bug but not a vulnerability. Reference: http://marc.info/?l=linux-netdev&m=128872251418192&w=2 -Dan
Current thread:
- CVE request: kernel: CAN information leak Dan Rosenberg (Nov 03)
- Re: CVE request: kernel: CAN information leak Eugene Teo (Nov 04)
- CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Steven M. Christey (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)
- CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak Eugene Teo (Nov 04)