oss-sec mailing list archives
CVE REJECT request: CVE-2013-4588
From: P J P <ppandit () redhat com>
Date: Wed, 29 Jan 2014 20:51:00 +0530 (IST)
Hello,

CVE-2013-4588 was assigned to a stack overflow flaw in the Linux kernel.

-> http://seclists.org/fulldisclosure/2013/Nov/77

===
Kernel: net: ipvs: stack buffer overflow

Linux kernel built with the IP Virtual Server(CONFIG_IP_VS) support is vulnerable to a buffer overflow flaw. It could occur while setting or retrieving socket options via setsockopt(2) or getsockopt(2) calls. Though a user needs to have CAP_NET_ADMIN privileges to perform these IP_VS operations.

Upstream fix:
-------------
-> https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
===

The bounds checks added by the above patch are found to be redundant, as the same is done in routine 'nf_sockopt_find'. [1]
+ if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) + return -EINVAL; + if (len < 0 || len > MAX_ARG_LEN) + return -EINVAL;

[1] https://lkml.org/lkml/2009/9/30/265

That makes it a security non-issue. Please kindly reject this CVE.

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
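
Review bot: in the second added check, the 'len < 0' comparison only has an effect if 'len' is a signed type at that point; the quoted lines do not show its declaration, so confirm the type and drop the comparison if it is unsigned. Since the message states that 'nf_sockopt_find' already applies the same bounds, a short comment on the 'cmd' range check marking it as a deliberate duplicate would keep a later reader from treating it as the only guard on the command number.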