Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From: Mathias Krause <minipli () googlemail com>
Date: Mon, 25 Feb 2013 11:46:52 +0100

On Mon, Feb 25, 2013 at 11:41 AM, Mathias Krause <minipli () googlemail com> wrote:
Kind of. The missing upper bound check was (and still is) in there in
older kernels as well, at times as this code was still living in
inet_diag.c. But it wasn't (and isn't) vulnerable as the
inet_diag_handlers[] array is 256 elements big. So userland cannot
   ^^^^^^^^^^^^^^^^^^^^^^ inet_diag_table that should be, and it's
bound by INET_DIAG_GETSOCK_MAX checks in older kernels.

Sorry for the confusion. Busy doing other stuff :/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]