[kernel-sec-discuss] r2539 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Nov 5 13:51:46 UTC 2011
Author: gilbert-guest
Date: 2011-11-05 13:51:41 +0000 (Sat, 05 Nov 2011)
New Revision: 2539
Added:
active/CVE-2011-XXXX-keystroke-delay-and-count-infoleak
Log:
new issue
Added: active/CVE-2011-XXXX-keystroke-delay-and-count-infoleak
===================================================================
--- active/CVE-2011-XXXX-keystroke-delay-and-count-infoleak (rev 0)
+++ active/CVE-2011-XXXX-keystroke-delay-and-count-infoleak 2011-11-05 13:51:41 UTC (rev 2539)
@@ -0,0 +1,12 @@
+Description:
+ /proc/$PID/{sched,schedstat} are world readable, so it is possible collect
+ keystroke count and delay of other users, then use statistical analysis to
+ recreate the actual keys entered
+References: http://openwall.com/lists/oss-security/2011/11/05/3
+Notes:
+Bugs:
+upstream: needed
+2.6.32-upstream-stable: needed
+sid: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
More information about the kernel-sec-discuss
mailing list