Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.51.0809041250090.29613@faron.mitre.org>
Date: Thu, 4 Sep 2008 12:50:18 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: CVE request: kernel: sunrpc: fix possible overrun
 on read of /proc/sys/sunrpc/transports


======================================================
Name: CVE-2008-3911
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3911
Reference: MLIST:[linux-kernel] 20080830 Re: buffer overflow in /proc/sys/sunrpc/transports
Reference: URL:http://lkml.org/lkml/2008/8/30/184
Reference: MLIST:[linux-kernel] 20080830 buffer overflow in /proc/sys/sunrpc/transports
Reference: URL:http://lkml.org/lkml/2008/8/30/140
Reference: MLIST:[oss-security] 20080904 CVE request: kernel: sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports
Reference: URL:http://www.openwall.com/lists/oss-security/2008/09/04/2
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8

The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel
2.6.26.3 does not check the length of a certain buffer obtained from
userspace, which allows local users to overflow a stack-based buffer
and have unspecified other impact via a crafted read system call for
the /proc/sys/sunrpc/transports file.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.