oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: kernel: DCCP invalid options

From: Eugene Teo <eugene () redhat com>
Date: Mon, 09 May 2011 09:59:38 +0800
On 05/09/2011 02:54 AM, Dan Rosenberg wrote:

On a providing a bad option length for certain DCCP options, a remote
host may cause parsing to read beyond the bounds of the incoming
packet.  This may possibly cause a DoS by reading unmapped memory (if
you're unlucky), or it may allow an attacker to infer the contents of
kernel heap memory based on the parser's response.

-Dan

[1] http://marc.info/?l=linux-kernel&m=130468845209036&w=2


Use CVE-2011-1770.

https://bugzilla.redhat.com/CVE-2011-1770

Thanks, Eugene
Previous By Date Next
Previous By Thread Next

Current thread: