oss-sec mailing list archives
Re: CVE-2012-5532 hypervkvpd DoS
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 27 Nov 2012 11:55:35 -0700
* [2012-11-27 11:21:03 -0700] Vincent Danen wrote:
> Just a heads-up on a flaw that was found:
>
> Florian Weimer of the Red Hat Product Security Team discovered that
> hypervkvpd would exit when it processed a spoofed Netlink packet that
> had been sent from an untrusted local user, in the following code:
>
>     len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
>                    addr_p, &addr_l);
>
>     if (len < 0 || addr.nl_pid) {
>         syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
>                addr.nl_pid, errno, strerror(errno));
>         close(fd);
>         return -1;
>     }
>
> This has been corrected upstream already.
>
> References:
> https://git.kernel.org/?p=linux/kernel/git/gregkh/char-misc.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef
> https://bugzilla.redhat.com/show_bug.cgi?id=877572
Ooops. This is a bit embarrassing. This is actually CVE-2012-2669.
Please reject CVE-2012-5532 as a duplicate of CVE-2012-2669.

Thanks.

--
Vincent Danen / Red Hat Security Response Team
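The check quoted in the message above treats a non-zero sender port ID the same as a socket error. The following is an added example, not code from the post or from the upstream fix: it puts that decision next to a hardened variant that drops non-kernel datagrams and keeps the daemon running. The function names, the enum and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* What the daemon's receive loop should do with one recvfrom() result. */
enum kvp_action { KVP_EXIT, KVP_DROP, KVP_PROCESS };

/* Behaviour of the snippet quoted in the advisory: a non-zero sender
 * port ID is handled like a socket error, so the daemon exits. */
static enum kvp_action classify_quoted(ssize_t len, uint32_t nl_pid)
{
    if (len < 0 || nl_pid)
        return KVP_EXIT;
    return KVP_PROCESS;
}

/* Hardened variant (assumption, not the upstream patch text): only a real
 * recvfrom() failure is fatal; a datagram whose source is not the kernel
 * (nl_pid != 0) is discarded and the loop keeps running. */
static enum kvp_action classify_hardened(ssize_t len, uint32_t nl_pid)
{
    if (len < 0)
        return KVP_EXIT;
    if (nl_pid != 0)
        return KVP_DROP;
    return KVP_PROCESS;
}

static const char *action_name(enum kvp_action a)
{
    return a == KVP_EXIT ? "exit" : a == KVP_DROP ? "drop" : "process";
}

int main(void)
{
    /* Constructed recvfrom() outcomes: {return value, addr.nl_pid}. */
    struct { ssize_t len; uint32_t nl_pid; const char *what; } cases[] = {
        { 64, 0,    "message from kernel" },
        { 64, 4242, "message from a local process" },
        { -1, 0,    "recvfrom() error" },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-30s quoted=%-8s hardened=%s\n", cases[i].what,
               action_name(classify_quoted(cases[i].len, cases[i].nl_pid)),
               action_name(classify_hardened(cases[i].len, cases[i].nl_pid)));
    return 0;
}
```

In a receive loop, KVP_DROP corresponds to logging the sender and continuing to the next recvfrom() call, so the service stays available to the kernel side.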