oss-sec mailing list archives
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
From: Mathias Krause <minipli () googlemail com>
Date: Wed, 6 Mar 2013 10:14:46 +0100
On Wed, Mar 6, 2013 at 9:46 AM, Kurt Seifried <kseifried () redhat com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/05/2013 01:52 PM, Mathias Krause wrote:Hi Kurt, I don't care much about info leaks beyond merely fixing them. But Alexander asked me to request a CVE ID for the recent crypto fix of mine and as I did quite a few of such fixes in the recent past, I'll just list them all here. The information might be a bit scarce for a CVE ID request but as I don't expect any CVE IDs anyway, I didn't wanted to do too much unnecessary work. ;)CVE ID's prompt people to back port these security fixes which is a good thing indeed =).
M'kay. Might be the case for the crypto fix as it wasn't Cc'ed to stable, albeit I asked Herbert for it :/ (see <http://www.mail-archive.com/linux-crypto () vger kernel org/msg08339.html>).
9a5467b crypto: user - fix info leaks in report API
gitweb: https://git.kernel.org/linus/9a5467b
ecd7918 xfrm_user: ensure user supplied esn replay window is valid
gitweb: https://git.kernel.org/linus/ecd7918
1f86840 xfrm_user: fix info leak in copy_to_user_tmpl()
gitweb: https://git.kernel.org/linus/1f86840
7b78983 xfrm_user: fix info leak in copy_to_user_policy()
gitweb: https://git.kernel.org/linus/7b78983
f778a63 xfrm_user: fix info leak in copy_to_user_state()
gitweb: https://git.kernel.org/linus/f778a63
4c87308 xfrm_user: fix info leak in copy_to_user_auth()
gitweb: https://git.kernel.org/linus/4c87308
43da5f2 net: fix info leak in compat dev_ifconf()
gitweb: https://git.kernel.org/linus/43da5f2
2d8a041 ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
gitweb: https://git.kernel.org/linus/2d8a041
7b07f8e dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)
gitweb: https://git.kernel.org/linus/7b07f8e
3592aae llc: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3592aae
04d4fbc l2tp: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/04d4fbc
792039c Bluetooth: L2CAP - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/792039c
9344a97 Bluetooth: RFCOMM - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/9344a97
f9432c5 Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
gitweb: https://git.kernel.org/linus/f9432c5
9ad2de4 Bluetooth: RFCOMM - Fix info leak in getsockopt(BT_SECURITY)
gitweb: https://git.kernel.org/linus/9ad2de4
3f68ba0 Bluetooth: HCI - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3f68ba0
e15ca9a Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
gitweb: https://git.kernel.org/linus/e15ca9a
3c0c5cf atm: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3c0c5cf
e862f1a atm: fix info leak in getsockopt(SO_ATMPVC)
gitweb: https://git.kernel.org/linus/e862f1a
a117dac net/tun: fix ioctl() based info leaks
gitweb: https://git.kernel.org/linus/a117dac
0143fc5 udf: avoid info leak on export
gitweb: https://git.kernel.org/linus/0143fc5
fe685aa isofs: avoid info leak on export
gitweb: https://git.kernel.org/linus/fe685aa
864745d xfrm_user: return error pointer instead of NULL
gitweb: https://git.kernel.org/linus/864745d
276bdb8 dccp: check ccid before dereferencing
gitweb: https://git.kernel.org/linus/276bdb8
can you provide the full git id/link to these?
Links are inlined above. The pattern how to create web-links is pretty obvious, though.
Also were they all discovered by the same researcher?
All of the bugs were discovered and fixed by me. But I'm no researcher. It's more a hobby of mine ;)
While we are at it: Do we care about getting CVE IDs for info leaks? If so, all of them or only for the ones with leaks above a certain threshold (>= 16 bytes, e.g.)?Yes please. Much like DNA fragments you can potentially string them together to reveal larger things.
Okay. I'll continue posting my findings, then. Regards, Mathias
Current thread:
- CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 05)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Mathias Krause (Mar 06)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- RE: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Christey, Steven M. (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Petr Matousek (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Thomas Biege (Mar 08)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Solar Designer (Mar 07)
- Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs Kurt Seifried (Mar 06)