[CVE-2010-3877] net: tipc: fix information leak to userland
Tim Gardner
tim.gardner at canonical.com
Tue Feb 1 15:57:52 UTC 2011
On 02/01/2011 08:52 AM, Andy Whitcroft wrote:
> CVE-2010-3877:
>
> Structure sockaddr_tipc is copied to userland with padding bytes
> after "id" field in union field "name" uninitialized. It leads to
> leaking of contents of kernel stack memory. We have to initialize
> them to zero.
>
> This fix is already upstream in the commit below:
>
> commit 88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52
> Author: Kulikov Vasiliy <segooon at gmail.com>
> Date: Sun Oct 31 07:10:32 2010 +0000
>
> net: tipc: fix information leak to userland
>
> Structure sockaddr_tipc is copied to userland with padding bytes after
> "id" field in union field "name" uninitialized. It leads to leaking of
> contents of kernel stack memory. We have to initialize them to zero.
>
> Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
>
> This commit cherry-picks cleanly back to Maverick, Lucid, and Karmic;
> I have backported the same fix to Hardy; Dapper is unaffected as it does
> not have the said protocol.
>
> Following this email are two patches, one applies cleanly to Maverick,
> Lucid, and Karmic. The other is for Hardy.
>
> -apw
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
Tim Gardner tim.gardner at canonical.com
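
The leak described in the quoted commit message, as an added example that is not part of the original mail or the upstream patch: a userland C model showing that writing only the "id" member leaves the rest of the union stale, and that zeroing the structure first clears it. It assumes the sockaddr_tipc layout from linux/tipc.h, which the mail does not show; the struct replica, the marker byte and the field values are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userland replica of the sockaddr_tipc layout in linux/tipc.h
 * (an assumption of this example; the mail does not show the struct). */
struct tipc_portid   { uint32_t ref, node; };
struct tipc_name     { uint32_t type, instance; };
struct tipc_name_seq { uint32_t type, lower, upper; };
struct sockaddr_tipc_model {
    unsigned short family;
    unsigned char  addrtype;
    signed char    scope;
    union {
        struct tipc_portid   id;                                  /*  8 bytes */
        struct tipc_name_seq nameseq;                             /* 12 bytes */
        struct { struct tipc_name name; uint32_t domain; } name;  /* 12 bytes */
    } addr;
};

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Fill the address as a getname-style handler would (only "id" is written),
 * then count the marker bytes that would reach the caller. */
size_t stale_bytes_copied(int zero_first)
{
    struct sockaddr_tipc_model a;
    unsigned char out[sizeof a];
    size_t i, n = 0;

    memset(&a, STALE, sizeof a);     /* simulate a dirty stack slot */
    if (zero_first)
        memset(&a, 0, sizeof a);     /* zero everything before filling */
    a.family = 30;                   /* AF_TIPC */
    a.addrtype = 3;                  /* TIPC_ADDR_ID */
    a.scope = 0;
    a.addr.id.ref = 0x01020304;      /* constructed values, no 0xAA bytes */
    a.addr.id.node = 0x01001001;
    memcpy(out, &a, sizeof a);       /* stands in for the copy to userland */
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale bytes copied: %zu unzeroed, %zu zeroed\n",
           stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```

The count without zeroing equals the size of the union minus the size of its "id" member, which is the gap the commit message refers to.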