oss-sec mailing list archives
Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 1 Mar 2011 10:46:12 -0500 (EST)
"struct sco_conninfo has one padding byte in the end. Local variable cinfo of type sco_conninfo is copied to userspace with this uninitialized one byte, leading to old stack contents leak." https://lkml.org/lkml/2011/2/14/49
Please use CVE-2011-1078.
"Struct ca is copied from userspace. It is not checked whether the "device" field is NULL terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or information leak by creating a device with a name made of contents of kernel stack." https://lkml.org/lkml/2011/2/14/50
Please use CVE-2011-1079.
"Struct tmp is copied from userspace. It is not checked whether the "name" field is NULL terminated. This may lead to buffer overflow and passing contents of kernel stack as a module name to try_then_request_module() and, consequently, to modprobe commandline. It would be seen by all userspace processes." https://lkml.org/lkml/2011/2/14/51
Please use CVE-2011-1080.

Thank you,
--
Petr Matousek / Red Hat Security Response Team
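The padding-byte leak described for CVE-2011-1078, modelled in userspace as an added example (not code from the message or from the kernel patch). The `struct conninfo` layout, the `0xAA` stale-stack marker and the function names are assumptions made for illustration; `memcpy` stands in for the copy to userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: 5 bytes of fields, padded to 6 on common ABIs. */
struct conninfo {
    uint16_t handle;
    uint8_t  dev_class[3];
};

/* Union lets us inspect the object representation, padding included. */
union slot {
    struct conninfo c;
    unsigned char raw[sizeof(struct conninfo)];
};

#define STALE 0xAA  /* constructed marker standing in for old stack data */
#define PAD_OFFSET (offsetof(struct conninfo, dev_class) + 3)

/* Fill the struct field by field and copy the whole object to out,
 * as a handler would when copying sizeof(struct) bytes to userspace. */
static void report(int zero_first, uint16_t handle,
                   const uint8_t cls[3], unsigned char *out)
{
    union slot s;
    memset(s.raw, STALE, sizeof(s.raw));   /* simulate a dirty stack slot */
    if (zero_first)
        memset(&s.c, 0, sizeof(s.c));      /* hardened: clear padding too */
    s.c.handle = handle;
    memcpy(s.c.dev_class, cls, sizeof(s.c.dev_class));
    memcpy(out, s.raw, sizeof(s.raw));     /* stand-in for the user copy */
}

/* Returns the byte that lands in the padding position of the copy. */
static unsigned char padding_byte(int zero_first)
{
    const uint8_t cls[3] = { 0x01, 0x02, 0x03 };
    unsigned char out[sizeof(struct conninfo)];
    report(zero_first, 0x0001, cls, out);
    return out[PAD_OFFSET];
}

int main(void)
{
    printf("sizeof=%zu pad offset=%zu\n", sizeof(struct conninfo), (size_t)PAD_OFFSET);
    printf("field-by-field only: 0x%02x\n", padding_byte(0));
    printf("memset first:        0x%02x\n", padding_byte(1));
    return 0;
}
```

Assigning every named field is not enough when the whole object is copied out; zeroing the object before filling it also covers the trailing padding byte.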