oss-sec mailing list archives

Re: CVE Request: remote triggerable use-after-free in rpcbind


From: Steve Dickson <SteveD () redhat com>
Date: Thu, 17 Sep 2015 14:58:11 -0400



On 09/17/2015 02:54 PM, Marcus Meissner wrote:
On Thu, Sep 17, 2015 at 02:51:26PM -0400, Steve Dickson wrote:


On 09/17/2015 12:20 PM, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

http://www.spinics.net/lists/linux-nfs/msg53045.html
https://bugzilla.suse.com/show_bug.cgi?id=946204

frees the netbuf caller_addr and caller_addr.buf. However, it does not
clear xp_rtaddr, so xp_rtaddr.buf now refers to memory region A, which
is free.

... It will reuse the buffer inside xp_rtaddr

Use CVE-2015-7236.
Will there be a bz opened up? 

Where should I open it? kernel.org?
IDK... Aren't CVEs supposed to be kept under wraps until
they are fixed... I know there are some rules around CVEs...

steved.
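
The dangling-alias pattern quoted above from the CVE assignment, as an added example that is not part of the original message and not rpcbind source: a simplified model in which only the names netbuf, caller_addr and xp_rtaddr come from the thread, while struct xprt, set_caller, release_caller, rtaddr_dangles and demo are hypothetical. Clearing the alias is one possible mitigation shown for contrast, not the project's patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not rpcbind source; only the field names come from the thread. */
struct netbuf { unsigned int maxlen, len; void *buf; };
struct xprt   { struct netbuf xp_rtaddr; };  /* hypothetical stand-in for the transport */

/* Allocate a caller address and let the transport share its buffer. */
static struct netbuf *set_caller(struct xprt *x, const void *addr, unsigned int len)
{
    struct netbuf *caller_addr = malloc(sizeof *caller_addr);
    void *buf = malloc(len);
    if (caller_addr == NULL || buf == NULL) { free(caller_addr); free(buf); return NULL; }
    memcpy(buf, addr, len);
    caller_addr->buf = buf;
    caller_addr->len = caller_addr->maxlen = len;
    x->xp_rtaddr = *caller_addr;             /* shallow copy: buf is now aliased */
    return caller_addr;
}

/* Free caller_addr and caller_addr.buf. clear_alias == 0 is the reported pattern
 * (xp_rtaddr untouched); 1 drops the alias first. Returns the freed address as an integer. */
static uintptr_t release_caller(struct xprt *x, struct netbuf *caller_addr, int clear_alias)
{
    uintptr_t freed = (uintptr_t)caller_addr->buf;
    if (clear_alias && x->xp_rtaddr.buf == caller_addr->buf)
        memset(&x->xp_rtaddr, 0, sizeof x->xp_rtaddr);
    free(caller_addr->buf);
    free(caller_addr);
    return freed;
}

/* 1 if xp_rtaddr.buf still holds a freed address (value compare, no dereference). */
static int rtaddr_dangles(const struct xprt *x, uintptr_t freed)
{
    return x->xp_rtaddr.buf != NULL && (uintptr_t)x->xp_rtaddr.buf == freed;
}

/* Run one set/release cycle on a constructed 4-byte address; -1 on allocation failure. */
static int demo(int clear_alias)
{
    struct xprt x = { { 0, 0, NULL } };
    struct netbuf *caller_addr = set_caller(&x, "\x7f\x00\x00\x01", 4);
    if (caller_addr == NULL) return -1;
    return rtaddr_dangles(&x, release_caller(&x, caller_addr, clear_alias));
}
int main(void) { printf("buggy=%d fixed=%d\n", demo(0), demo(1)); return 0; }
```

Building the same file with `-fsanitize=address` and adding a read through `xp_rtaddr.buf` after the buggy release is a quick way to see the condition reported as a heap-use-after-free during testing.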
 

