Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-2012-5532 hypervkvpd DoS
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 27 Nov 2012 11:21:03 -0700

Just a heads-up on a flaw that was found:

Florian Weimer of the Red Hat Product Security Team discovered that hypervkvpd
would exit when it processed a spoofed Netlink packet that had been sent from
an untrusted local user, in the following code:

        len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
                addr_p, &addr_l);

        if (len < 0 || addr.nl_pid) {
            syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
                    addr.nl_pid, errno, strerror(errno));
            close(fd);
            return -1;
        }

This has been corrected upstream already.

References:

https://git.kernel.org/?p=linux/kernel/git/gregkh/char-misc.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef
https://bugzilla.redhat.com/show_bug.cgi?id=877572

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault