Re: [PATCH] bridge: netfilter: fix information leak

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 14.02.2011 11:54, schrieb Vasiliy Kulikov:
> Struct tmp is copied from userspace.  It is not checked whether the "name"
> field is NULL terminated.  This may lead to buffer overflow and passing
> contents of kernel stack as a module name to try_then_request_module() and,
> consequently, to modprobe commandline.  It would be seen by all userspace
> processes.
> 
> Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>

Applied, thanks Vasiliy.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux