Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Jul 2013 20:35:23 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/03/2013 10:35 AM, Marcus Meissner wrote:
On Wed, Jul 03, 2013 at 11:02:13AM +0200, Marcus Meissner wrote:
Hi,

Michal Hocko identified an earlier patch for an AF_KEY
information leak, in nearly the same place as CVE-2013-2234.

URL: 
https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40


Due to different time of fix and different researcher probably 
needs a new CVE.

Yup CVE split.


Ciao, Marcus

commit 85dfb745ee40232876663ae206cba35f24ab2a40 Author: Nicolas
Dichtel <nicolas.dichtel () 6wind com> Date:   Mon Feb 18 16:24:20
2013 +0100

af_key: initialize satype in key_notify_policy_flush()

This field was left uninitialized. Some user daemons perform
check against this field.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel () 6wind com> 
Signed-off-by: Steffen Klassert <steffen.klassert () secunet com>


Please use CVE-2013-2237 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR1N9rAAoJEBYNRVNeJnmTjC4P/0W86bcbkrENj7qTJMAhfkoD
yRHlIVOgQUBDcoz5uvtwXJzyS3LYUtv0MrpRw2hpTzGmVp+fBuESK7SSq/xC7ddj
S91U3CglCWvuvqPK2+z4ovvR/VuZ/ed1AESgVsfAdwor/qyTj2w16+pJPNkF7Iw1
3HnqNiBwCGw85h2mpWTN2L0TZJ+BUQliz2YG/GDdI1h/8TG1FI/DXqfdrzamNtaw
8U+gcvSISXRtRkIY4Hifg4KS4X9dYlA0IK+aBQ5Ur2pyxc/goCzTsejKOxgThpha
K428FuFIOA10gBEGSl5h4dplZxDbw0lhfE7H/prWHG15pxxuzbw5ug2Jaq11FLv5
aniTIqW9T2EDTcCaHFB4szYbXWBMsaGYUbx+qpUCtLXT9LcVjwmvobmbgng3L7LB
h2cKiktMAQQDOYo7ZkGcX23pu8Eor2gLjZ8MnBedH5DZYWzd3aMOl+89Cvsv7rz1
guQYjk2yPi8xjl0WrBJQ2w9mcJLbOPDJrURoCMilp3OG+XggHxK0ksxSnZSvZ9LG
7YFtP47QNidRlgLd3tf5S56d65tUiF7qM254oOmXIh5pDq2yPQ6BdqDu6wKi0Mux
4oabaJCGs1E2dLjZnzFHDxBG9MabV2NDAt2qGxG6diVIZz2eVUShfHLPgQpbgfdJ
5La/nOo9QQwxdnnU8d6g
=oB3q
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]