oss-sec mailing list archives
Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC)
From: Eugene Teo <eugeneteo () kernel org>
Date: Wed, 29 Jun 2011 14:00:08 +0800
On 06/29/2011 04:22 AM, Josh Bressers wrote:
> ----- Original Message -----
>> It can be used to learn ssh and ftp password length. If privsep is enabled in openssh and vsftpd, the unprivileged process' activity very precisely shows password information. For vsftpd, the read characters count is strlen("USER username\r\n") + strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe related to a privileged parent. If you measure statistics between the user and password commands, the actual password length and username length can be gathered. For ssh, vice versa, networking activity is constant in packet length, but interprocess communications, specifically passwords, depend on user input.
>>
>> For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars - CONST.
>>
>> Other daemons with more or less constant io activity might be vulnerable too. PAM greatly complicates precise measurements.
>>
>> I think it needs 2 CVE, one for /proc/PID/io and another for taskstats.
>>
>> https://lkml.org/lkml/2011/6/24/88
>
> I can't find a nice description of both issues. Can you give me one or two sentence explanations with a few references for the CVE database? Once I have those I'll give it two IDs.

I have assigned the CVE names for these two issues.

Thanks, Eugene
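A check a defender can run from an unprivileged account to see whether other users' rchar/wchar counters in /proc/PID/io are readable on a host. This is an added example, not code from the thread or from the kernel project. It assumes that a kernel restricting this file refuses the open or read with an error; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

LEAKY_FIELDS = ("rchar", "wchar")  # the counters the post calls rchars / wchars

def parse_io(text):
    """Parse the 'name: value' lines of a /proc/PID/io file into a dict."""
    counters = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip().isdigit():
            counters[name.strip()] = int(value)
    return counters

def exposed_foreign_io(proc_root="/proc", my_uid=None):
    """Return {pid: counters} for processes owned by another uid whose
    io file this process can read and which exposes rchar/wchar."""
    if my_uid is None:
        my_uid = os.getuid()
    exposed = {}
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            if os.stat(pid_dir).st_uid == my_uid:
                continue  # our own process: reading it is expected
            with open(os.path.join(pid_dir, "io")) as fh:
                counters = parse_io(fh.read())
        except OSError:
            continue  # access denied or process exited: nothing exposed
        leaked = {k: counters[k] for k in LEAKY_FIELDS if k in counters}
        if leaked:
            exposed[int(entry)] = leaked
    return exposed

def build_sample_tree():
    """Constructed sample: a fake proc tree with one pid directory."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "4242"))
    with open(os.path.join(root, "4242", "io"), "w") as fh:
        fh.write("rchar: 1337\nwchar: 42\nsyscr: 9\nsyscw: 3\n")
    os.mkdir(os.path.join(root, "self"))  # non-numeric entries are skipped
    return root

if __name__ == "__main__":
    for pid, leaked in exposed_foreign_io().items():
        print(f"pid {pid}: other-user I/O counters readable: {leaked}")
```

Run as root, the check reports every process, because root can read all of these files; an empty result from an ordinary account is the outcome that matters.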