Bug 475604 (CVE-2013-2234) - Kernel : information leak in AF_KEY notify messages (CVE-2013-2234)
Status: CONFIRMED
Alias: CVE-2013-2234
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Reported: 2013-07-03 09:06 UTC by Agostino Sarubbo
Modified: 2016-12-07 04:17 UTC

Description Agostino Sarubbo gentoo-dev 2013-07-03 09:06:34 UTC
From ${URL} :

found in the mainline kernel git:

commit a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887
Author: Mathias Krause <minipli@...glemail.com>
Date:   Wed Jun 26 23:52:30 2013 +0200

    af_key: fix info leaks in notify messages

    key_notify_sa_flush() and key_notify_policy_flush() miss to initialize
    the sadb_msg_reserved member of the broadcasted message and thereby
    leak 2 bytes of heap memory to listeners. Fix that.

    Signed-off-by: Mathias Krause <minipli@...glemail.com>
    Cc: Steffen Klassert <steffen.klassert@...unet.com>
    Cc: "David S. Miller" <davem@...emloft.net>
    Cc: Herbert Xu <herbert@...dor.apana.org.au>
    Signed-off-by: David S. Miller <davem@...emloft.net>

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887
Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-03 14:27:06 UTC
Present in 3.10; added to genpatches for 3.9.9, as it is not in stable queue.

------------------------------------------------------------------------
r2428 | tomwij | 2013-07-03 16:25:51 +0200 (Wed, 03 Jul 2013) | 1 line

Applied af_key info leak security fix for bug #475604 to 3.9 branch.
------------------------------------------------------------------------
Comment 2 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-07-03 14:57:19 UTC
Checked the LTS branches as well now.

------------------------------------------------------------------------
r2429 | tomwij | 2013-07-03 16:52:52 +0200 (Wed, 03 Jul 2013) | 1 line

Applied af_key info leak security fix for bug #475604 to branches 3.0, 3.2 and 3.4.
------------------------------------------------------------------------
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-08-30 01:11:00 UTC
CVE-2013-2234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2234):
  The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in
  net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain
  structure members, which allows local users to obtain sensitive information
  from kernel heap memory by reading a broadcast message from the notify
  interface of an IPSec key_socket.
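
The bug class described in this report, as an added userspace example (not the kernel's code and not part of the original bug thread): a message header is built in a buffer that still holds old data, and one member is never assigned. The struct mirrors the RFC 2367 base header; the function names `build_flush_unfixed`, `build_flush_fixed` and `unwritten_bytes` and the sample field values are constructed for illustration. The check builds the message over two differently poisoned buffers and counts the bytes the builder never wrote.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the PF_KEY v2 base header (RFC 2367 layout, 16 bytes). */
struct sadb_msg {
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len, sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};

/* Pre-fix pattern: every member is assigned except sadb_msg_reserved. */
static void build_flush_unfixed(struct sadb_msg *hdr) {
    hdr->sadb_msg_version = 2;                 /* PF_KEY_V2 */
    hdr->sadb_msg_type    = 9;                 /* SADB_FLUSH */
    hdr->sadb_msg_errno   = 0;
    hdr->sadb_msg_satype  = 0;
    hdr->sadb_msg_len     = sizeof(*hdr) / 8;  /* length in 64-bit words */
    hdr->sadb_msg_seq     = 1;                 /* constructed sample value */
    hdr->sadb_msg_pid     = 1234;              /* constructed sample value */
}

/* Post-fix pattern: the reserved member is explicitly zeroed as well. */
static void build_flush_fixed(struct sadb_msg *hdr) {
    build_flush_unfixed(hdr);
    hdr->sadb_msg_reserved = 0;
}

/* Build the message over two differently poisoned buffers (stand-ins for
 * stale heap contents). Bytes that still differ afterwards were never
 * written and would reach every listener unchanged. Returns their count. */
static size_t unwritten_bytes(void (*build)(struct sadb_msg *)) {
    struct sadb_msg a, b;
    const unsigned char *pa = (const void *)&a, *pb = (const void *)&b;
    size_t i, n = 0;
    memset(&a, 0xAA, sizeof(a));
    memset(&b, 0x55, sizeof(b));
    build(&a);
    build(&b);
    for (i = 0; i < sizeof(a); i++)
        n += (pa[i] != pb[i]);
    return n;
}

int main(void) {
    printf("unfixed: %zu unwritten bytes\n", unwritten_bytes(build_flush_unfixed));
    printf("fixed:   %zu unwritten bytes\n", unwritten_bytes(build_flush_fixed));
    return 0;
}
```

The same two-pattern comparison works as a regression test for any function that serializes a struct into a reused or unzeroed buffer.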