oss-sec mailing list archives
Re: Linux kernel: net - three info leaks in rtnl
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 25 Mar 2013 12:17:26 +0100
On Mon, Mar 25, 2013 at 12:15:38PM +0100, Moritz Muehlenhoff wrote:
Hi,

On 03/19/2013 03:15 PM, Mathias Krause wrote:

I fixed a few more info leaks in linux v3.9-rc3. Unprivileged users can use the netlink interface to exploit the following issues to disclose kernel stack memory:

29cd8ae dcbnl: fix various netlink info leaks
http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0

84d73cd rtnl: fix info leak on RTM_GETLINK request for VF devices
http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372

c085c49 bridge: fix mdb info leaks
http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc

David Miller did backports for the above issues which are currently under review and should end up in the next stable and longterm kernels.

Regards,
Mathias

CVE Merge - same researcher/vuln/version. Please use CVE-2013-1873 for these issues.

These appeared in the CVE updates under different IDs now:

29cd8ae: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
84d73cd: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
c085c49: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636

Which shall we use?

Ah, I just noticed that http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1873 has already been marked as rejected.

Cheers,
Moritz