Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
From: Mathias Krause <minipli () googlemail com>
Date: Wed, 6 Mar 2013 10:14:46 +0100

On Wed, Mar 6, 2013 at 9:46 AM, Kurt Seifried <kseifried () redhat com> wrote:
Hash: SHA1

On 03/05/2013 01:52 PM, Mathias Krause wrote:
Hi Kurt,

I don't care much about info leaks beyond merely fixing them. But
Alexander asked me to request a CVE ID for the recent crypto fix
of mine and as I did quite a few of such fixes in the recent past,
I'll just list them all here. The information might be a bit scarce
for a CVE ID request but as I don't expect any CVE IDs anyway, I
didn't wanted to do too much unnecessary work. ;)

CVE ID's prompt people to back port these security fixes which is a
good thing indeed =).

M'kay. Might be the case for the crypto fix as it wasn't Cc'ed to
stable, albeit I asked Herbert for it :/
(see <http://www.mail-archive.com/linux-crypto () vger kernel org/msg08339.html>).

9a5467b crypto: user - fix info leaks in report API
gitweb: https://git.kernel.org/linus/9a5467b

ecd7918 xfrm_user: ensure user supplied esn replay window is valid
gitweb: https://git.kernel.org/linus/ecd7918

1f86840 xfrm_user: fix info leak in copy_to_user_tmpl()
gitweb: https://git.kernel.org/linus/1f86840

7b78983 xfrm_user: fix info leak in copy_to_user_policy()
gitweb: https://git.kernel.org/linus/7b78983

f778a63 xfrm_user: fix info leak in copy_to_user_state()
gitweb: https://git.kernel.org/linus/f778a63

4c87308 xfrm_user: fix info leak in copy_to_user_auth()
gitweb: https://git.kernel.org/linus/4c87308

43da5f2 net: fix info leak in compat dev_ifconf()
gitweb: https://git.kernel.org/linus/43da5f2

2d8a041 ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
gitweb: https://git.kernel.org/linus/2d8a041

7b07f8e dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)
gitweb: https://git.kernel.org/linus/7b07f8e

3592aae llc: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3592aae

04d4fbc l2tp: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/04d4fbc

792039c Bluetooth: L2CAP - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/792039c

9344a97 Bluetooth: RFCOMM - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/9344a97

f9432c5 Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
gitweb: https://git.kernel.org/linus/f9432c5

9ad2de4 Bluetooth: RFCOMM - Fix info leak in getsockopt(BT_SECURITY)
gitweb: https://git.kernel.org/linus/9ad2de4

3f68ba0 Bluetooth: HCI - Fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3f68ba0

e15ca9a Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
gitweb: https://git.kernel.org/linus/e15ca9a

3c0c5cf atm: fix info leak via getsockname()
gitweb: https://git.kernel.org/linus/3c0c5cf

e862f1a atm: fix info leak in getsockopt(SO_ATMPVC)
gitweb: https://git.kernel.org/linus/e862f1a

a117dac net/tun: fix ioctl() based info leaks
gitweb: https://git.kernel.org/linus/a117dac

0143fc5 udf: avoid info leak on export
gitweb: https://git.kernel.org/linus/0143fc5

fe685aa isofs: avoid info leak on export
gitweb: https://git.kernel.org/linus/fe685aa

864745d xfrm_user: return error pointer instead of NULL
gitweb: https://git.kernel.org/linus/864745d

276bdb8 dccp: check ccid before dereferencing
gitweb: https://git.kernel.org/linus/276bdb8

can you provide the full git id/link to these?

Links are inlined above. The pattern how to create web-links is pretty
obvious, though.

Also were they all
discovered by the same researcher?

All of the bugs were discovered and fixed by me. But I'm no
researcher. It's more a hobby of mine ;)

While we are at it: Do we care about getting CVE IDs for info
leaks? If so, all of them or only for the ones with leaks above a
certain threshold (>= 16 bytes, e.g.)?

Yes please. Much like DNA fragments you can potentially string them
together to reveal larger things.

Okay. I'll continue posting my findings, then.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]