Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Linux kernel: net - three info leaks in rtnl
From: Moritz Muehlenhoff <jmm () debian org>
Date: Mon, 25 Mar 2013 12:15:38 +0100

Hi,

On 03/19/2013 03:15 PM, Mathias Krause wrote:
I fixed a few more info leaks in linux v3.9-rc3. Unprivileged
users can use the netlink interface to exploit the following issues
to disclose kernel stack memory:

29cd8ae dcbnl: fix various netlink info leaks 
http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0

 84d73cd rtnl: fix info leak on RTM_GETLINK request for VF devices 
http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372

 c085c49 bridge: fix mdb info leaks 
http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc

 David Miller did backports for the above issues which are
currently under review and should end up in the next stable and
longterm kernels.

Regards, Mathias

CVE Merge - same researcher/vuln/version. Please use CVE-2013-1873 for
these issues.

These appeared in the CVE updates under different IDs now:

29cd8ae: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
84d73cd: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
c085c49: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2636

Which shall we use?

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]