Summary: | sys-fs/cryptsetup-luks - stack smashing attack in function __crypt_luks_open | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | 11superstrings |
Component: | Current packages | Assignee: | Gentoo Security Audit Team <security-audit> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | major | CC: | hardened, M4rkusXXL, strerror |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
dmesg output
emerge --info output Kernel Config strace of program with issue |
Description
11superstrings
2007-07-01 08:22:01 UTC
Created attachment 123513 [details]
dmesg output
Created attachment 123515 [details]
emerge --info output
I have done some further testing and found this only occurs while using --key-size 384. There is no SSP while using a key size of 320. Created attachment 123558 [details]
Kernel Config
Kernel configuration for system with issue.
Created attachment 123559 [details]
strace of program with issue
The details of strace run on the program with the SSP issue.
It looks similar to bug 183407 So it should work with 1.0.5, its not yet in portage, but in the bug I linked a ebuild exists "its working for me"(tm) let me know if >=cryptsetup-1.0.5 solves your problem. |