lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 6 Nov 2012 10:21:01 -0500 (EST)
From:	Tomas Hozza <thozza@...hat.com>
To:	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	devel@...uxdriverproject.org, apw@...onical.com,
	jasowang@...hat.com
Cc:	Olaf Hering <olaf@...fle.de>, KY Srinivasan <kys@...rosoft.com>
Subject: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation
 allows DoS

Hi.

After discussion with KY Srinivasan and Olaf Hering I'm sending you
a patch for the HyperV KVP daemon distributed in linux kernel
"tools/hv/hv_kvp_daemon.c".

There is an issue in the current daemon source causing hyperv kvp daemon
to exit when it processes a spoofed Netlink packet which has been sent
from an untrusted local user.

This patch is fixing this, so now the Netlink messages with a non-zero
nl_pid source address are just ignored.


Regards,

Tomas Hozza
Associate Software Engineer
BaseOS - Brno, CZ

View attachment "0001-Netlink-source-address-validation-allows-DoS.patch" of type "text/x-patch" (1329 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ