Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-2012-5532 hypervkvpd DoS
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 28 Nov 2012 09:08:20 +0100


Indeed. CVE-2012-2669 was actually a fix from us, but it turns out
that it was too strict. Exiting makes indeed no sense. :/


On Tue, Nov 27, 2012 at 02:32:22PM -0700, Vincent Danen wrote:
* [2012-11-27 11:55:35 -0700] Vincent Danen wrote:

* [2012-11-27 11:21:03 -0700] Vincent Danen wrote:

Just a heads-up on a flaw that was found:

Florian Weimer of the Red Hat Product Security Team discovered that hypervkvpd
would exit when it processed a spoofed Netlink packet that had been sent from
an untrusted local user, in the following code:

      len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
              addr_p, &addr_l);

      if (len < 0 || addr.nl_pid) {
          syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
                  addr.nl_pid, errno, strerror(errno));
          return -1;

This has been corrected upstream already.



Ooops.  This is a bit embarrassing.

This is actually CVE-2012-2669.  Please reject CVE-2012-5532 as a
duplicate of CVE-2012-2669.


Wow, ok, this is a little convoluted.  These actually are not the same

The old fix is here (so this would be CVE-2012-2669):


This, however, while detecting the spoofed netlink packet would still
cause the daemon to exit.  I'm not sure whether or not it actually fixed

This fix:


fixes the previous commit so that now the daemon no longer exits on
these bad packets.  This would be CVE-2012-5532.

So CVE-2012-2669 is for "failing to check origin of netlink messages"
and CVE-2012-5532 is for the "exiting upon receipt of spoofed netlink
messages" (or something to that effect anyways).

My apologies for the noise.

Vincent Danen / Red Hat Security Response Team 


~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]