BugTraq
Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability Mar 27 2007 08:33PM
Robert Święcki (jagger swiecki net)

> ...
> if (get_user(len, optlen))
> return -EFAULT;
> if (len < sizeof(int))
> return -EINVAL;

Actually, `optlen' is not checked against upper limit as well, so we
can simply use any large positive value for getsockopt()'s optlen and we
will be able to use it on IA32 cpus as well, without ...
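
The missing upper bound discussed in this message, modelled in user space as an added C example; it is not part of the original post or the kernel source. `struct fake_kmem`, both function names and the clamp are assumptions that illustrate the pattern, not the actual DCCP code or its fix.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kernel memory: the option value followed by
 * unrelated adjacent bytes that must never reach the caller. */
struct fake_kmem {
    int  opt_value;
    char adjacent[28];
};

/* Quoted pattern: only the lower bound of the caller's len is checked.
 * ubuf must hold at least sizeof(struct fake_kmem) bytes.
 * Returns the number of bytes copied out, or a negative errno. */
static int getsockopt_unchecked(const struct fake_kmem *k, void *ubuf, int len)
{
    if (len < (int)sizeof(int))
        return -EINVAL;
    if ((size_t)len > sizeof(*k))      /* cap only to keep this model defined */
        len = (int)sizeof(*k);
    memcpy(ubuf, k, (size_t)len);      /* copies past opt_value */
    return len;
}

/* Hardened form (assumed fix): clamp len to the size of the value. */
static int getsockopt_clamped(const struct fake_kmem *k, void *ubuf, int len)
{
    if (len < (int)sizeof(int))
        return -EINVAL;
    len = (int)sizeof(int);
    memcpy(ubuf, &k->opt_value, (size_t)len);
    return len;
}

int main(void)
{
    struct fake_kmem k = { 7, "ADJACENT-KERNEL-DATA" };  /* constructed data */
    char ubuf[sizeof(struct fake_kmem)] = { 0 };         /* caller buffer */

    printf("unchecked: %d bytes copied\n", getsockopt_unchecked(&k, ubuf, 4096));
    printf("clamped:   %d bytes copied\n", getsockopt_clamped(&k, ubuf, 4096));
    return 0;
}
```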
