|
Message-ID: <706988880.998704.1309292560379.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Date: Tue, 28 Jun 2011 16:22:40 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: security@...nel.org Subject: Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) ----- Original Message ----- > > It can be used to learn ssh and ftp password length. If privsep is > enabled in openssh and vsftpd, the unprivileged process' activity very > precisely shows password information. > > For vsftpd read characters count is strlen("USER username\r\n") + > strlen("PASSWD pass\r\n") + 1, where 1 is one byte read from a pipe > related to a privileged parent. If measure statistics between user and > passwords commands, actual password length and username length can be > gathered. > > For ssh, vice versa, networking activity is constant in packets length, > but interprocess communications, specifically passwords, depend on user > input. > > For ssh pass_len = wchars - CONST, for vsftpd pass_len = rchars - > CONST. > > Another daemons with more or less constant io activity might be > vulnerable too. PAM greatly complicates precise measurements. > > > I think it needs 2 CVE, one for /proc/PID/io and another for > taskstats. > > https://lkml.org/lkml/2011/6/24/88 > I can't find a nice description of both issues. Can you give me one or two sentence explanations with a few references for the CVE database? Once I have those I'll give it two IDs. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.