oss-sec mailing list archives

CVE request: kernel: CAN information leak, 2nd attempt

From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 20 Dec 2010 13:36:34 -0500 (EST)

"The CAN protocol uses the address of a kernel heap object as a proc
filename, revealing information that could be useful during
exploitation."

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=664544
http://seclists.org/oss-sec/2010/q4/103

Credit: Dan Rosenberg

------------

Please note that there has been one attempt to request CVE for this
issue already [1]. The problem is that vendors (Red Hat more or less
included) used the assigned CVE for the potential heap overflow issue
[2, 3] whereas reporter used it for information leak [4].

  [1] http://seclists.org/oss-sec/2010/q4/107
  [2] http://lists.opensuse.org/opensuse-updates/2010-12/msg00026.html
  [3] http://www.debian.org/security/2010/dsa-2126
  [4] http://www.cs.brown.edu/people/drosenbe/research.html

I'd suggest to keep the CVE-2010-3874 id for the heap overflow which
has some (although very limited) security potential and assign a new id
for the information leak.

Thanks,
--
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request: kernel: CAN information leak Dan Rosenberg (Nov 03)
- Re: CVE request: kernel: CAN information leak Eugene Teo (Nov 04)
  - CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
    - Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)
    - Re: CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek (Dec 20)
    - Re: CVE request: kernel: CAN information leak, 2nd attempt Steven M. Christey (Dec 20)
    - Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg (Dec 20)