Re: CVE-2009-2584

From: Justin P. Mattock
Date: Wed Nov 04 2009 - 17:08:41 EST

Next message: Rafael J. Wysocki: "Re: [Bug 14537] New: missing compat_ioctl on x86_64"
Previous message: Mikulas Patocka: "Re: package managers [was: FatELF patches...]"
In reply to: Michael Gilbert: "CVE-2009-2584"
Next in thread: Michael Gilbert: "Re: CVE-2009-2584"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Gilbert wrote:

Hi,

CVE-2009-2584 [0],[1] has been disclosed for quite a while now (with
existing exploit code by Brad Spengler [2]). A patch has also been
available for the same amount of time [3], but as of 2.6.32-rc6 it is
still not applied. Did this slip through the cracks? Thanks upfront
for any info on the matter.

Best wishes,
Mike

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2584
[1] http://xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overwrite/
[2] http://grsecurity.net/~spender/exploit_demo.c
[3] http://lkml.org/lkml/2009/7/20/348
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

just read something today which might
be similar/same as what you might
be referring too.
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

Justin P. Mattock

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rafael J. Wysocki: "Re: [Bug 14537] New: missing compat_ioctl on x86_64"
Previous message: Mikulas Patocka: "Re: package managers [was: FatELF patches...]"
In reply to: Michael Gilbert: "CVE-2009-2584"
Next in thread: Michael Gilbert: "Re: CVE-2009-2584"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]