BugTraq
Linux Kernel sctp_setsockopt() Integer Overflow May 11 2004 06:58PM
Shaun Colley (shaunige yahoo co uk) (2 replies)
Re: Linux Kernel sctp_setsockopt() Integer Overflow May 15 2004 06:24PM
Michael Tokarev (mjt tls msk ru) (1 replies)
Re: Linux Kernel sctp_setsockopt() Integer Overflow May 27 2004 07:47PM
Michael Tokarev (mjt tls msk ru) (1 replies)
Re: Linux Kernel sctp_setsockopt() Integer Overflow May 29 2004 03:13AM
Jirka Kosina (jikos jikos cz) (1 replies)
Re: Linux Kernel sctp_setsockopt() Integer Overflow May 31 2004 05:35PM
Shaun Colley (shaunige yahoo co uk)
> Because this all is debate about nothing, as the
> original advisory was
> fake, because you simply can't pass negative optlen
> to setsockopt()
> syscall, so there is nothing to be exploited.

No, the advisory was not fake. At the time, I didn't
realise that -1 or any negative will not get past
sys_setsockopt(). Without the sanity check in
setsockopt, there would be a bad security issue,
though. It's still worth upgrading, anyway. The bug
exists, just not a very big possibility of exploiting.

Thank you for your time.
Shaun.

____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html

[ reply ]
Re: [Full-Disclosure] Linux Kernel sctp_setsockopt() Integer Overflow May 11 2004 10:05PM
Tom Rini (trini kernel crashing org)


 

Privacy Statement
Copyright 2010, SecurityFocus