Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: kernel: nl80211: missing check for valid SSID size in scan operations
From: Eugene Teo <eugene () redhat com>
Date: Fri, 01 Jul 2011 16:55:17 +0800

On 07/01/2011 04:48 PM, Petr Matousek wrote:
In both trigger_scan and sched_scan operations, we were checking for the
SSID length before assigning the value correctly.  Since the memory was
just kzalloc'ed, the check was always failing and SSID with over 32
characters were allowed to go through.

This is causing a buffer overflow when copying the actual SSID to the
proper place.

Please note that it needs CAP_NET_ADMIN privileges.

Upstream commits:


Use CVE-2011-2517.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]