oss-sec mailing list archives
Re: CVE request: kernel: CAN information leak
From: Eugene Teo <eugene () redhat com>
Date: Thu, 04 Nov 2010 17:59:24 +0800
On 11/04/2010 06:19 AM, Dan Rosenberg wrote:
The CAN protocol uses the address of a kernel heap object as a proc filename, revealing information that could be useful during exploitation. The below post also mentions a heap overflow. While there is a semantic overflow (17 bytes being copied into a 9-byte buffer), in reality, the object whose member is being overflowed resides in a kernel heap slab cache that includes enough padding that there is no possible corruption. So, it's a bug but not a vulnerability. Reference: http://marc.info/?l=linux-netdev&m=128872251418192&w=2
Please use CVE-2010-3874.
Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- CVE request: kernel: CAN information leak Dan Rosenberg (Nov 03)
- Re: CVE request: kernel: CAN information leak Eugene Teo (Nov 04)
- CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Steven M. Christey (Dec 20)
- Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)
- CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
- Re: CVE request: kernel: CAN information leak Eugene Teo (Nov 04)