oss-sec mailing list archives
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC)
From: Vasiliy Kulikov <segoon () openwall com>
Date: Wed, 29 Jun 2011 21:35:19 +0400
On Wed, Jun 29, 2011 at 10:32 -0700, Linus Torvalds wrote:
On Wed, Jun 29, 2011 at 10:21 AM, Vasiliy Kulikov <segoon () openwall com> wrote:So, with rounded read_characters value it's possible to learn privkey length.Umm. You can trivially figure that out from the public key lenth already, can't you?
No, the attacker here have no information about the key at all. It tries to authorize with a random key and a random password. -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Current thread:
- Re: CVE request: kernel: taskstats/procfs io infoleak, (continued)
- Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov (Jun 25)
- Re: CVE request: kernel: taskstats/procfs io infoleak Eugene Teo (Jun 26)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 26)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Andrew Morton (Jun 28)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 28)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 28)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
- Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Josh Bressers (Jun 28)
- Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Eugene Teo (Jun 28)