Re: {2.6.22.y} CVE-2007-6434

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Oliver Pinter <oliver.pntr@...>

Cc: <stable@...>, <linux-kernel@...>, chrisw@sous-sol.org <chrisw@...>, Greg KH <gregkh@...>, Willy Tarreau <w@...>, Adrian Bunk <bunk@...>, Nick Piggin <npiggin@...>

Subject: Re: {2.6.22.y} CVE-2007-6434

Date: Monday, February 4, 2008 - 5:34 pm

* Oliver Pinter (oliver.pntr@gmail.com) wrote:
quoted text> mainline: ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
> 
> --->8---
> commit ecaf18c15aac8bb9bed7b7aa0e382fe252e275d5
> Author: Eric Paris <eparis@redhat.com>
> Date:   Tue Dec 4 23:45:31 2007 -0800
> 
>     VM/Security: add security hook to do_brk
> 
>     Given a specifically crafted binary do_brk() can be used to get low pages
>     available in userspace virtual memory and can thus be used to circumvent
>     the mmap_min_addr low memory protection.  Add security checks in do_brk().

All of the low mmap addr stuff isn't added until 2.6.23.

thanks,
-chris
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

{2.6.22.y} CVE-2007-6434, Oliver Pinter, (Mon Feb 4, 4:13 pm)

Re: {2.6.22.y} CVE-2007-6434, Chris Wright, (Mon Feb 4, 5:34 pm)

Re: {2.6.22.y} CVE-2007-6434, Oliver Pinter, (Mon Feb 4, 5:36 pm)

Re: {2.6.22.y} CVE-2007-6434, Oliver Pinter, (Mon Feb 4, 5:02 pm)

Re: {2.6.22.y} CVE-2007-6434, Greg KH, (Mon Feb 4, 5:38 pm)

Re: {2.6.22.y} CVE-2007-6434, Oliver Pinter, (Mon Feb 4, 4:14 pm)

Navigation

Popular discussions


linux-kernel:
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Alan Stern	Re: 2.6.22-rc2-mm1
Satyam Sharma	Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures
William Lee Irwin III	Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
git:

linux-netdev:
Dale Farnsworth	Re: [PATCH 03/39] mv643xx_eth: shorten reg names
Jarek Poplawski	Re: HTB accuracy for high speed
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Colocation donated by:

Online users

Syndicate