oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

OpenVZ security repport - Multiple memory leaks (CVE-2013-2239)

From: Jonathan Salwan <jonathan.salwan () gmail com>
Date: Thu, 4 Jul 2013 19:12:18 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


CVE-2013-2239 - Multiple memory leaks in OpenVZ kernel 2.6.32 (042stab080.1)


Description
===========

Two memory leaks was discovered in the versions before vzkernel
patch 042stab080.2.

One memory leak in ploop:

    The ploop_getdevice_ioc function in drivers/block/ploop/dev.c in 
    the vzkernel patch before 042stab080.2 does not initialize a certain 
    length variable, which allows local users to obtain sensitive 
    information from kernel stack memory.

One memory leak in quota:

    The compat_quotactl function in fs/quota/quota.c in the vzkernel patch 
    before 042stab080.2 does not initialize a certain length variable, 
    which allows local users to obtain sensitive information from kernel 
    stack memory.

Fixed in the 042stab080.2

  - [security/ploop] memory info leak fixed (PSBM-20690)
  - [security/quota] memory info leak fixed (PSBM-20690)


Classification
==============

Location    : Local Access Required 
Attack Type : Information Disclosure, Input Manipulation 
Version     : vzkernel 2.6.32 (Patch 042stab080.1)
Impact      : Loss of Confidentiality 
Solution    : Patch / RCS 
Disclosure  : Vendor Verified


References
==========

CVE ID    : CVE-2013-2239
Changelog : http://wiki.openvz.org/Download/kernel/rhel6-testing/042stab080.2
Credit    : Jonathan Salwan (Sysdream Security Lab)


Timeline
========

2013-06-16 : Bugs found
2013-06-19 : Bugs reported
2013-06-28 : Bugs fixed
2013-06-29 : CVE request
2013-07-04 : CVE assigned



Thanks,

- -- Jonathan


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)

iQEcBAEBAgAGBQJR1az4AAoJEH9bXKkQj2JzLYIIAKQ7O9mggrngzbiF2sPl4QQt
HH2li83jltUPRJGa9lAeaMFmOrh4VHW4DZOlKpN5Q/iYRzThCr8t6H/gnn2HeHXA
GBLurAFv2zdKswa87Dzr9B0ySy3O7iuQjzjYQwTnQm+ZWNsKbEyrQVR1uG/5qjH8
UqkhHOqN5jJqFUlfhrLNOPN2O4JYPf9ZyvBklHkKHySmSYhER08Hyy382+Htu3u/
D4uiIhhsORBldAss5t8bcxzUoZDi5qsIFWYux0y5Vo5n9RUw/xmvjTWAlfEKxGEa
uwEXHWDXGVzf41X6B8neBpqfsBF4pFC8LPBciKT/cchR1gNjtiIklaFFgZwlI28=
=672Y
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: