| Summary: | Integer overflow in kernel: net/sctp | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Dan Margolis (RETIRED) <krispykringle> |
| Component: | [OLD] Core system | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | critical | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securityfocus.com/archive/1/362953 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Dan Margolis (RETIRED)
2004-05-29 09:18:09 UTC
Please see http://bugs.gentoo.org/show_bug.cgi?id=47881 for related bugs in related kernel versions. Note that these are NOT the same vulnerabilities, but both are apparently fixed in 2.4.26. This is NOT confirmed...

From FD :
--------------------------------------------------
Because this all is debate about nothing, as the original advisory was fake, because you simply can't pass negative optlen to setsockopt() syscall, so there is nothing to be exploited.

asmlinkage long sys_setsockopt(int fd, int level, int optname, char __user *optval, int optlen)
{
        int err;
        struct socket *sock;

        if (optlen < 0)
                return -EINVAL;
----------------------------------------------------
Looks like Trustix got caught. Please confirm the debunking, but IMHO this one is fake.

I agree. This doesn't look worrisome.

It was questionable from the start, but I figured better safe than sorry (and when I saw the TLSA I started to take it more seriously).

Apparently the advisory is not itself "fake", but the bug is unlikely to be exploitable (according to the original poster: "I didn't realise that -1 or any negative will not get past sys_setsockopt().").
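
The following user-space model is an added example, not kernel code and not part of the original comments. It shows why the `optlen < 0` check quoted above means a negative length never reaches a protocol handler. All `model_*` names are hypothetical, the handler is a generic stand-in rather than the SCTP code, and the sample lengths are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a protocol-level handler (not the SCTP code):
 * it sizes a copy from optlen as an unsigned quantity and records it. */
static size_t last_copy_len;
static int handler_calls;

static long model_proto_setsockopt(int optlen)
{
    handler_calls++;
    last_copy_len = (size_t)optlen;   /* a negative int wraps to a huge size_t */
    return 0;
}

/* Entry point without the check, to show what the handler would receive. */
static long model_entry_unguarded(int optlen)
{
    return model_proto_setsockopt(optlen);
}

/* Entry point modelled on the quoted sys_setsockopt() lines. */
static long model_entry_guarded(int optlen)
{
    if (optlen < 0)
        return -EINVAL;               /* rejected before any handler runs */
    return model_proto_setsockopt(optlen);
}

int main(void)
{
    const int samples[] = { INT_MIN, -1, 0, 4, INT_MAX };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        handler_calls = 0;
        long rc = model_entry_guarded(samples[i]);
        printf("optlen=%d rc=%ld handler_reached=%d\n",
               samples[i], rc, handler_calls);
    }
    model_entry_unguarded(-1);
    printf("without the check, optlen=-1 reaches the handler as %zu\n",
           last_copy_len);
    return 0;
}
```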