FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team
Reload this Page Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)

 
 
LinkBack Thread Tools
 
Old 01-31-2011, 04:10 PM
Tim Gardner
 
Default Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)
This is a multi-part message in MIME format.
Return 0 instead of -1 in order to avoid SKB leak.

rtg

--
Tim Gardner tim.gardner@canonical.com
 
Old 02-01-2011, 01:19 PM
Stefan Bader
 
Default Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)
On 01/31/2011 06:10 PM, Tim Gardner wrote:
> Return 0 instead of -1 in order to avoid SKB leak.
>
> rtg
>

ACK

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-01-2011, 04:18 PM
Tim Gardner
 
Default Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)
On 02/01/2011 10:06 AM, Kees Cook wrote:

Hi Andy,

On Tue, Feb 01, 2011 at 02:41:26PM +0000, Andy Whitcroft wrote:

Kees, I note that in v2.6.37 and later there is also this commit below,
you might want to review for relevance here. It seems to prevent bad
packets triggering panics.

commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f
Author: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Fri Nov 12 12:44:42 2010 -0800

x25: Prevent crashing when parsing bad X.25 facilities


Yes, please.

-Kees



Under the auspices of CVE-2010-3873 ? Or a new CVE?

I'm not really interested in putting too much work into X.25 'cause I
don't think anyone is even using it these days. I haven't encountered a
phy over which X.25 would have run in nearly a decade.


rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 02-01-2011, 05:16 PM
Tim Gardner
 
Default Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)
On 02/01/2011 11:00 AM, Kees Cook wrote:

Hi Andy,

On Tue, Feb 01, 2011 at 09:06:43AM -0800, Kees Cook wrote:

On Tue, Feb 01, 2011 at 02:41:26PM +0000, Andy Whitcroft wrote:

Kees, I note that in v2.6.37 and later there is also this commit below,
you might want to review for relevance here. It seems to prevent bad
packets triggering panics.

commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f
Author: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Fri Nov 12 12:44:42 2010 -0800

x25: Prevent crashing when parsing bad X.25 facilities


Yes, please.


Actually, the above patch is for CVE-2010-4164

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164

-Kees



OK, then we'll get to it as we grind down the list.

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 06:07 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -