| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Feb 2013 20:10:33 +0100 From: Mathias Krause <minipli@...glemail.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, Dave Jones <davej@...hat.com> Subject: Re: [PATCH 1/2] sock_diag: Fix out-of-bounds access to sock_diag_handlers[] On Sat, Feb 23, 2013 at 6:35 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > On Sat, 2013-02-23 at 12:13 +0100, Mathias Krause wrote: >> Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY >> with a family greater or equal then AF_MAX -- the array size of >> sock_diag_handlers[]. The current code does not test for this >> condition therefore is vulnerable to an out-of-bound access opening >> doors for a privilege escalation. >> >> Signed-off-by: Mathias Krause <minipli@...glemail.com> >> --- >> net/core/sock_diag.c | 3 +++ >> 1 file changed, 3 insertions(+) > > Thanks for fixing this. > > It seems trinity didnt catch it ! For trinity to catch that one, trinity needs to generate a valid netlink request on a PF_NETLINK socket with protocol NETLINK_SOCK_DIAG. Very unlikely. Especially the sanity checks in netlink_rcv_skb() will probably filter invalid messages before they reach any interesting code. But if trinity would have support for generating netlink messages, then, yes, it should probably have found that bug easily. It's in there for ages, now ;) > > Acked-by: Eric Dumazet <edumazet@...gle.com> > > Thanks, Mathias -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists