lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 May 2004 18:35:29 +0100 (BST) From: Shaun Colley <shaunige@...oo.co.uk> To: Jirka Kosina <jikos@...os.cz> Cc: bugtraq@...urityfocus.com Subject: Re: Linux Kernel sctp_setsockopt() Integer Overflow > Because this all is debate about nothing, as the > original advisory was > fake, because you simply can't pass negative optlen > to setsockopt() > syscall, so there is nothing to be exploited. No, the advisory was not fake. At the time, I didn't realise that -1 or any negative will not get past sys_setsockopt(). Without the sanity check in setsockopt, there would be a bad security issue, though. It's still worth upgrading, anyway. The bug exists, just not a very big possibility of exploiting. Thank you for your time. Shaun. ____________________________________________________________ Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html
Powered by blists - more mailing lists