store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Sat Apr 19, 2014 8:31 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Kernel Userspace Buffer Overflow
Unread postPosted: Wed Dec 14, 2011 6:10 am 
Offline
Forum Regular
Forum Regular

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 839
Location: Germany
error in bat_socket_read()-function and/or in file net/batman/icmp_socket.c

SOURCE:
http://git.open-mesh.org/?p=batman-adv. ... 9ba8fd0ccd
http://git.open-mesh.org/?p=batman-adv. ... 1e393b5197


Top
 Profile  
 
 Post subject: Re: Kernel Userspace Buffer Overflow
Unread postPosted: Wed Dec 14, 2011 5:39 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Thanks for the report. This does not effect the ASL kernel.

First, the ICMP socket code in this case is not in the 2.6.32.x tree, its much newer and is in 3.1 (it might be backported to some later 2.6.40 trees, but its not in 32). the ASL kernel uses the 32 branch.

Both vulnerabilities, if they existed in the ASL kernel, would also get stopped by the enhanced USERCOPY code in the ASL kernel which would prevent it from being exploitable.

So either way, if you have the ASL kernel you are immune to this.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Kernel Userspace Buffer Overflow
Unread postPosted: Thu Dec 15, 2011 4:46 am 
Offline
Forum Regular
Forum Regular

Joined: Sat Mar 28, 2009 6:58 pm
Posts: 839
Location: Germany
Thanks a lot. Whenever I post a possible vulnerability I always get a big :mrgreen: on my face and lay back.
Thanks to Atomicorp :)


Top
 Profile  
 
 Post subject: Re: Kernel Userspace Buffer Overflow
Unread postPosted: Thu Dec 15, 2011 6:26 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
And thank you for posting this, we certainly enjoy the opportunity to see our customers smile! :-)

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: darvil and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group