oss-sec mailing list archives
Re: CVE-Request -- Linux ASLR integer overflow
From: cve-assign () mitre org
Date: Fri, 13 Feb 2015 15:04:16 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow. Affected systems have reduced the stack entropy of the processes by four.
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html https://lkml.org/lkml/2015/1/7/811
Use CVE-2015-1593. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU3lhQAAoJEKllVAevmvmsqTwIAKophyPwyC60/+1yVSxqroSn vjB9rzp1LSq32tcUccyZFAZKs2ruz/9FUFnHmF+9O3FCxnsS5ksmwFKNjaxbVhsx vp7/p87ThvTK8zTMYloj4WAZocL0UMheHC+MfYtQjyYC4HiEZshUxifPG6PuYLnQ /XEGPhaZQFNC3RF208jBGRhjLgAmkMNMHaRRy6f2dKJFVhXaPPdKhj9HqGN2co6R a78DytZLtE7TynmF2MilaXF0BudXeJAPf+O32tCU/8m/5jV5y8ekcxqsFEG3VWE0 uzoEiQmZvMa7vWk01o5tgGO4Fi3ZMik2Z/bNRs2G4OiPT23O5dLma8lJoWDYj+k= =P3nO -----END PGP SIGNATURE-----
Current thread:
- CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow cve-assign (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow Kees Cook (Feb 14)
- Re: CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)