[kernel-sec-discuss] r1481 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Aug 27 04:02:24 UTC 2009
Author: gilbert-guest
Date: 2009-08-27 04:02:23 +0000 (Thu, 27 Aug 2009)
New Revision: 1481
Added:
active/CVE-2009-getsockname-info-disclosure
Log:
new issue
Added: active/CVE-2009-getsockname-info-disclosure
===================================================================
--- active/CVE-2009-getsockname-info-disclosure (rev 0)
+++ active/CVE-2009-getsockname-info-disclosure 2009-08-27 04:02:23 UTC (rev 1481)
@@ -0,0 +1,23 @@
+Candidate:
+Description:
+ sllc_arphrd member of sockaddr_llc might not be changed. Zero sllc
+ before copying to the above layer's structure.
+ .
+ Note that LLC sockets are restricted to root since v2.6.25-rc9 (see
+ commit 3480c63b).
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=519305
+ http://git.kernel.org/linus/28e9fc592cb8c7a43e4d3147b38be6032a0e81bc
+ http://jon.oberheide.org/files/llc-getsockname-leak.c
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: pending (2.6.31) [28e9fc592cb8c7a43e4d3147b38be6032a0e81bc]
+linux-2.6: needed
+2.6.18-etch-security: needed
+2.6.24-etch-security: needed
+2.6.26-lenny-security: needed
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
More information about the kernel-sec-discuss
mailing list