The OpenNET Project
 


[TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure


Date: Thu, 11 Sep 2008 23:19:32 +0200
From: Tobias Klein <tk@trapkit.de.>
To: [email protected]
Subject: [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure
 Vulnerability and NULL Pointer Dereferences
Content-Type: multipart/mixed;
 boundary="------------080606000605030905010909"
X-Virus-Scanned: antivirus-gw at tyumen.ru

This is a multi-part message in MIME format.
--------------080606000605030905010909
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Please find attached a detailed advisory of the vulnerabilities.

Alternatively, the advisory can also be found at:
http://www.trapkit.de/advisories/TKADV2008-007.txt

--------------080606000605030905010909
Content-Type: text/plain;
 name="TKADV2008-007.txt"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="TKADV2008-007.txt"
--------------080606000605030905010909--




