Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 06:33:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
579c002085
linux-stable/net/ipv6
History
Vasiliy Kulikov 3271f969b6 ipv6: netfilter: ip6_tables: fix infoleak to userspace 
commit 6a8ab06077 upstream.

Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are
copied from userspace.  Fields of these structs that are
zero-terminated strings are not checked.  When they are used as argument
to a format string containing "%s" in request_module(), some sensitive
information is leaked to userspace via argument of spawned modprobe
process.

The first bug was introduced before the git epoch;  the second was
introduced in 3bc3fe5e (v2.6.25-rc1);  the third is introduced by
6b7d31fc (v2.6.15-rc1).  To trigger the bug one should have
CAP_NET_ADMIN.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-30 16:53:31 +02:00
..
netfilter ipv6: netfilter: ip6_tables: fix infoleak to userspace 2011-04-30 16:53:31 +02:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrconf.c ipv6: protocol for address routes 2008-08-23 05:16:46 -07:00
addrlabel.c ipv6 netns: Address labels per namespace 2008-06-12 02:38:15 +09:00
af_inet6.c net: missing bits of net-namespace / sysctl 2008-07-27 04:40:51 -07:00
ah6.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
anycast.c ipv6 netns: Make several "global" sysctl variables namespace aware. 2008-07-19 22:35:03 -07:00
datagram.c IPv6: datagram_send_ctl() should exit immediately when an error occured 2008-07-29 23:57:58 -07:00
esp6.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
exthdrs.c ipv6 netns: Make several "global" sysctl variables namespace aware. 2008-07-19 22:35:03 -07:00
fib6_rules.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
icmp.c icmp: icmp_sk() should not use smp_processor_id() in preemptible code 2008-08-23 04:43:33 -07:00
inet6_connection_sock.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
inet6_hashtables.c ipv6: don't use tw net when accounting for recycled tw 2009-05-02 10:23:49 -07:00
ip6_fib.c ipv6: Fix fib6_dump_table walker leak 2009-01-24 16:36:18 -08:00
ip6_flowlabel.c ipv6: Disallow rediculious flowlabel option sizes. 2009-02-17 09:46:20 -08:00
ip6_input.c ipv6: Plug sk_buff leak in ipv6_rcv (net/ipv6/ip6_input.c) 2009-05-02 10:23:51 -07:00
ip6_output.c ipv6: Copy cork options in ip6_append_data 2009-02-17 09:46:21 -08:00
ip6_tunnel.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
ip6mr.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
ipcomp6.c ipcomp: Fix warnings after ipcomp consolidation. 2008-07-27 03:59:24 -07:00
ipv6_sockglue.c ipv6: Fix the return interface index when get it while no message is received. 2008-08-17 23:21:52 -07:00
Kconfig ipsec: ipcomp - Merge IPComp implementations 2008-07-25 02:54:40 -07:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6 mcast: Omit redundant address family checks in ip6_mc_source(). 2008-07-19 22:36:07 -07:00
mip6.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
ndisc.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
netfilter.c [NETFILTER]: Add partial checksum validation helper 2008-04-14 11:15:49 +02:00
proc.c ipv6: Fix useless proc net sockstat6 removal 2008-07-30 03:27:52 -07:00
protocol.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
raw.c ipv6: When we droped a packet, we should return NET_RX_DROP instead of 0 2008-08-29 14:27:51 -07:00
reassembly.c ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery 2010-01-06 15:17:14 -08:00
route.c net: Fix IPv6 PMTU disc. w/ asymmetric routes 2010-12-09 13:24:19 -08:00
sit.c sit: fix off-by-one in ipip6_tunnel_get_prl 2010-04-01 15:52:19 -07:00
syncookies.c ipv6: syncookies: free reqsk on xfrm_lookup error 2008-08-03 18:13:44 -07:00
sysctl_net_ipv6.c ipv6: sysctl fixes 2008-08-25 15:18:15 -07:00
tcp_ipv6.c tcpv6: fix option space offsets with md5 2008-11-06 19:05:41 -08:00
tunnel6.c [IPV6] TUNNEL6: Fix incoming packet length check for inter-protocol tunnel. 2008-06-05 04:02:32 +09:00
udp_impl.h net: change proto destroy method to return void 2008-06-14 17:04:49 -07:00
udp.c udp: multicast packets need to check namespace 2008-12-13 15:29:12 -08:00
udplite.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
xfrm6_input.c [XFRM] IPV6: Optimize xfrm6_input_addr(). 2008-03-25 10:23:56 +09:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm6_policy.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
xfrm6_state.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-27 18:48:56 -07:00
xfrm6_tunnel.c [XFRM] IPV6: Optimize __xfrm_tunnel_alloc_spi(). 2008-03-25 10:23:57 +09:00