
EGI CSIRT:Alerts/rds-rdma-2010-11-02

From EGIWiki
Revision as of 16:17, 2 November 2010 by Sveng

========== DRAFT ===========

** WHITE information - Unlimited distribution allowed                         **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
 
EGI CSIRT ADVISORY [EGI-ADV-20101102]
 
Title:       HIGH Vulnerability CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c  [EGI-ADV-20101102]
Date:        November 01, 2010
Last update: November 01, 2010
URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/liblinker-2010-10-23

Introduction
============
Another problem in the RDS module has been reported:
https://bugzilla.redhat.com/show_bug.cgi?id=647416
The Red Hat bug report suggests that it might even be exploitable
remotely over an InfiniBand network ("Access Vector: Adjacent").
However, for this to be exploitable *over the network*, the victim
host would presumably have to be listening on an RDS socket, which
should be very rare. Locally, it is probably exploitable on any machine.

Note that the kernel update fixing CVE-2010-3904 does *not* fix CVE-2010-3865.

The EGI CSIRT considers this to be a High vulnerability.
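As an added illustration of the bug class named in the title (this is not the advisory's or the kernel's code, and the struct and function names are assumptions): a user-supplied iovec count multiplied into a 32-bit byte size can wrap to a small value, so the buffer allocated for the array is far smaller than the number of entries later copied into it. The hardened variant bounds the count by UIO_MAXIOV (the kernel's limit of 1024 iovec entries per call) and checks for wrap explicitly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption, not the kernel's struct): a 16-byte
 * iovec-like entry whose count is taken from userspace. */
struct my_iovec {
    uint64_t addr;
    uint64_t bytes;
};

#define UIO_MAXIOV 1024u /* kernel limit on iovec entries per call */

/* Vulnerable pattern: byte size computed in 32 bits with no bound and no
 * overflow check. A count of 0x10000001 gives 0x10000001 * 16 =
 * 0x100000010, which truncates to 16: room for one entry, not millions. */
uint32_t iov_size_unchecked(uint32_t nr_local)
{
    return nr_local * (uint32_t)sizeof(struct my_iovec);
}

/* Hardened pattern: reject a count above the documented limit and verify
 * that the multiplication cannot wrap before using the result as an
 * allocation size. Returns false when the request is rejected. */
bool iov_size_checked(uint64_t nr_local, uint32_t *out)
{
    if (nr_local == 0 || nr_local > UIO_MAXIOV)
        return false;
    /* Explicit wrap check; unreachable after the bound above but kept so
     * the size computation is safe even if the bound is later relaxed. */
    if (nr_local > UINT32_MAX / sizeof(struct my_iovec))
        return false;
    *out = (uint32_t)(nr_local * sizeof(struct my_iovec));
    return true;
}

int main(void)
{
    uint32_t sz = 0;
    uint32_t big = 0x10000001u; /* constructed hostile count */
    printf("unchecked size for %u entries: %u bytes\n", big, iov_size_unchecked(big));
    printf("checked accepts %u entries: %s\n", big, iov_size_checked(big, &sz) ? "yes" : "no");
    printf("checked size for 4 entries: %s (%u bytes)\n",
           iov_size_checked(4, &sz) ? "ok" : "rejected", sz);
    return 0;
}
```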

Details
=======