oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Feb 2013 23:25:05 -0700

On 02/26/2013 04:05 PM, Jason A. Donenfeld wrote:
> On Tue, Feb 26, 2013 at 10:05 PM, Kurt Seifried wrote:
>> The problem with security is you have to basically do it 100% correctly 100% of the time, otherwise things fall through the cracks (like this VFAT thing).
>
> Also, what about the tmpfs one from yesterday? Nobody involved in the patch reported that as a security bug to this list, until I saw it myself, just by chance, as a random person on the internet, and posted it to the list. In that case, it was clearly marked "use-after-free", but nobody involved requested a CVE.

That's my point. We're not doing this 100% of the time 100% correctly due to resource constraints, and I highly doubt we ever will, again due to resource constraints. That and reality, proving negatives is hard and all that.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993