oss-security September 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] CVE-2010-2960 kernel: keyctl_sessio

[oss-security] CVE-2010-2960 kernel: keyctl_session_to_parent null ptr deref

From: Eugene Teo <eugene_at_nospam>
Date: Thu Sep 02 2010 - 05:52:15 GMT
To: oss-security@lists.openwall.com

Reported by Tavis Ormandy.

Patches (not in upstream yet):
https://bugzilla.redhat.com/show_bug.cgi?id=627440#c4
https://bugzilla.redhat.com/show_bug.cgi?id=627440#c5

You might need to comment out all the pam_keyinit calls in /etc/pam.d/
to reproduce the problem if the version of the kernel you are using is
affected.

Introduced via upstream commit ee18d64c (v2.6.32-rc1).

References:
https://bugzilla.redhat.com/CVE-2010-2960
https://bugzilla.redhat.com/show_bug.cgi?id=627440#c3

Thanks, Eugene
-- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }