lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 31 May 2004 18:35:29 +0100 (BST)
From: Shaun Colley <shaunige@...oo.co.uk>
To: Jirka Kosina <jikos@...os.cz>
Cc: bugtraq@...urityfocus.com
Subject: Re: Linux Kernel sctp_setsockopt() Integer Overflow


> Because this all is debate about nothing, as the
> original advisory was 
> fake, because you simply can't pass negative optlen
> to setsockopt() 
> syscall, so there is nothing to be exploited.

No, the advisory was not fake.  At the time, I didn't
realise that -1 or any negative will not get past
sys_setsockopt().  Without the sanity check in
setsockopt, there would be a bad security issue,
though.  It's still worth upgrading, anyway.  The bug
exists, just not a very big possibility of exploiting.



Thank you for your time.
Shaun.


	
	
		
____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html


Powered by blists - more mailing lists