[kernel] r17201 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 4 02:42:19 UTC 2011
Author: dannf
Date: Mon Apr 4 02:42:16 2011
New Revision: 17201
Log:
econet: 4 byte infoleak to the network (CVE-2011-1173)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch
- copied unchanged from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 02:40:32 2011 (r17200)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 02:42:16 2011 (r17201)
@@ -16,6 +16,7 @@
* netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
* netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
* ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
+ * econet: 4 byte infoleak to the network (CVE-2011-1173)
-- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch (from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch Mon Apr 4 02:42:16 2011 (r17201, copy of r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/econet-4-byte-infoleak-to-the-network.patch)
@@ -0,0 +1,33 @@
+commit 67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
+Author: Vasiliy Kulikov <segoon at openwall.com>
+Date: Thu Mar 17 01:40:10 2011 +0000
+
+ econet: 4 byte infoleak to the network
+
+ struct aunhdr has 4 padding bytes between 'pad' and 'handle' fields on
+ x86_64. These bytes are not initialized in the variable 'ah' before
+ sending 'ah' to the network. This leads to 4 bytes kernel stack
+ infoleak.
+
+ This bug was introduced before the git epoch.
+
+ Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+ Acked-by: Phil Blundell <philb at gnu.org>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 0c28263..116d3fd 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -435,10 +435,10 @@ static int econet_sendmsg(struct kiocb *iocb, struct socket *sock,
+ udpdest.sin_addr.s_addr = htonl(network | addr.station);
+ }
+
++ memset(&ah, 0, sizeof(ah));
+ ah.port = port;
+ ah.cb = cb & 0x7f;
+ ah.code = 2; /* magic */
+- ah.pad = 0;
+
+ /* tack our header on the front of the iovec */
+ size = sizeof(struct aunhdr);
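Review bot: The `memset(&ah, 0, sizeof(ah));` added ahead of the field assignments in econet_sendmsg() has no comment saying it is there to clear the padding bytes the commit message describes between 'pad' and 'handle'. Without one, a later cleanup could replace it with per-field assignments again (the removed `ah.pad = 0;` is that pattern) and put uninitialized stack bytes back into the header that is sent to the network. Suggest a one-line comment above the memset, for example `/* zero the whole header, padding included, before it is sent */`. The commit message names only x86_64; it would also help to say whether other ABIs lay out struct aunhdr with the same gap, although the memset over sizeof(ah) covers them either way.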
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 02:40:32 2011 (r17200)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 02:42:16 2011 (r17201)
@@ -15,3 +15,4 @@
+ bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch
+ bugfix/all/netfilter-ip_tables-fix-infoleak-to-userspace.patch
+ bugfix/all/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch
++ bugfix/all/econet-4-byte-infoleak-to-the-network.patch