Mailinglist Archive: opensuse-bugs (6633 mails)

< Previous Next >
[Bug 535707] New: Vuln: CVE-2009-3002
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 31 Aug 2009 12:13:27 -0600
  • Message-id: <bug-535707-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>
http://bugzilla.novell.com/show_bug.cgi?id=535707


Summary: Vuln: CVE-2009-3002
Classification: openSUSE
Product: openSUSE 11.0
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Keywords: Chinese_Traditional
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: lliu@xxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: Field Engineer


/*
* cve-2009-3002.c
*
* Linux Kernel < 2.6.31-rc7 AF_IRDA getsockname 29-Byte Stack Disclosure
* Jon Oberheide <jon@xxxxxxxxxxxxx>
* http://jon.oberheide.org
*
* Information:
*
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002
*
* The Linux kernel before 2.6.31-rc7 does not initialize certain data
* structures within getname functions, which allows local users to read
* the contents of some kernel memory locations by calling getsockname
* on ... (2) an AF_IRDA socket, related to the irda_getname function in
* net/irda/af_irda.c.
*
* Notes:
*
* Yet another stack disclosure...although this one is big and contiguous.
*/

I tried this on my desktop, it works. We need to fix this..

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
This Thread
  • No further messages