Difference between revisions of "EGI CSIRT:Alerts/rds-rdma-2010-11-02"
Revision as of 15:59, 2 November 2010
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-20101102]

Title: HIGH Vulnerability CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c [EGI-ADV-20101102]
Date: November 01, 2010
Last update: November 01, 2010
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/liblinker-2010-10-23

Introduction
============

Another problem in the RDS module has been detected:

https://bugzilla.redhat.com/show_bug.cgi?id=647416

It looks like they think it might even be possible to exploit this
remotely over an Infiniband network ("Access Vector: Adjacent"). But,
presumably, for this to be exploitable *over the network*, the victim
host would have to listen on an RDS socket, which should be very rare.
Locally, however, it is probably exploitable on any machine.

Note that the kernel update fixing CVE-2010-3904 does *not* fix CVE-2010-3865.