[CVE-2010-3877] net: tipc: fix information leak to userland
Andy Whitcroft
apw at canonical.com
Tue Feb 1 15:52:59 UTC 2011
CVE-2010-3877:
Structure sockaddr_tipc is copied to userland with padding bytes
after "id" field in union field "name" unitialized. It leads to
leaking of contents of kernel stack memory. We have to initialize
them to zero.
This fix is already upstream in the commit below:
commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52
Author: Kulikov Vasiliy <segooon at gmail.com>
Date: Sun Oct 31 07:10:32 2010 +0000
net: tipc: fix information leak to userland
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized. It leads to leaking of
contents of kernel stack memory. We have to initialize them to zero.
Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
This commit cherry-picks cleanly back to Maverick, Lucid, and Karmic;
I have backported the same fix to Hardy; Dapper is unaffected as it does
not have the said protocol.
Following this email are two patches, one applies cleanly to Maverick,
Lucid, and Karmic. The other is for Hardy.
-apw
More information about the kernel-team
mailing list