| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130607083314.GQ23987@mwanda> Date: Fri, 7 Jun 2013 11:33:14 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Simon Horman <horms@...ge.net.au> Cc: Wensong Zhang <wensong@...ux-vs.org>, Julian Anastasov <ja@....bg>, Pablo Neira Ayuso <pablo@...filter.org>, Patrick McHardy <kaber@...sh.net>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org, lvs-devel@...r.kernel.org, netfilter-devel@...r.kernel.org, netfilter@...r.kernel.org, coreteam@...filter.org, kernel-janitors@...r.kernel.org Subject: Re: [patch] ipvs: info leak in __ip_vs_get_dest_entries() On Mon, Jun 03, 2013 at 06:03:27PM -0700, Simon Horman wrote: > On Mon, Jun 03, 2013 at 12:00:49PM +0300, Dan Carpenter wrote: > > The entry struct has a 2 byte hole after ->port and another 4 byte > > hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your > > namespace to hit this information leak. > > Hi Dan, > > can I verify that it is actually possible to hit this and > thus the patch is a -stable candidate? This is a static checker fix. To me it seems like it's obviously a real info leak. I'm not certain of the impact though. CLONE_NEWNET requires CAP_SYS_ADMIN but on the other hand people are making virtualization products where they give everyone their own namespace with admin privileges. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists