[Bug 535707] New: Vuln: CVE-2009-3002

31 Aug 2009

      http://bugzilla.novell.com/show_bug.cgi?id=535707

           Summary: Vuln: CVE-2009-3002
    Classification: openSUSE
           Product: openSUSE 11.0
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Keywords: Chinese_Traditional
          Severity: Normal
          Priority: P5 - None
         Component: Kernel
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: lliu@novell.com
         QAContact: qa@suse.de
          Found By: Field Engineer

/* 
 * cve-2009-3002.c
 *
 * Linux Kernel < 2.6.31-rc7 AF_IRDA getsockname 29-Byte Stack Disclosure
 * Jon Oberheide 
 * http://jon.oberheide.org
 * 
 * Information:
 * 
 *   http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002 
 *
 *   The Linux kernel before 2.6.31-rc7 does not initialize certain data 
 *   structures within getname functions, which allows local users to read 
 *   the contents of some kernel memory locations by calling getsockname 
 *   on ... (2) an AF_IRDA socket, related to the irda_getname function in 
 *   net/irda/af_irda.c.
 *
 * Notes:
 * 
 *   Yet another stack disclosure...although this one is big and contiguous.
 */

I tried this on my desktop, it works. We need to fix this..

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug 535707] New: Vuln: CVE-2009-3002

bugzilla_noreply＠novell.com