Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110701084857.GA31716@dhcp-25-225.brq.redhat.com>
Date: Fri, 1 Jul 2011 10:48:58 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: nl80211: missing check for valid SSID size in
 scan operations

In both trigger_scan and sched_scan operations, we were checking for the
SSID length before assigning the value correctly.  Since the memory was
just kzalloc'ed, the check was always failing and SSID with over 32
characters were allowed to go through.

This is causing a buffer overflow when copying the actual SSID to the
proper place.

Please note that it needs CAP_NET_ADMIN privileges.

Upstream commits:
208c72f4fe44fe09577e7975ba0e7fa0278f3d03
57a27e1d6a3bb9ad4efeebd3a8c71156d6207536

References:
https://bugzilla.redhat.com/show_bug.cgi?id=718152

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.