Re: your mail

Zwane Mwaikambo (zwane@linux.realnet.co.sz)
Mon, 24 Jun 2002 09:34:15 +0200 (SAST)


On 24 Jun 2002 pah@promiscua.org wrote:

> I've just found a bug (an insignificant bug) in the panic() function!
> There's a possible buffer overflow if the formatted string exceeds
> 1024 characters (I think that the problem is in all kernel releases).
> The problem is in the use of vsprintf() instead of vsnprintf()!
>
> I know that this doesn't compromise any exploitation by a uid
> different than zero, but should be fixed in case panic()'s arguments
> exceed the buffer limit (probably by an lkm or something like that) and
> cause (probably) a system crash.
>

In that case there are quite a number of other places in the kernel which
can be 'exploited' in various ways.

Cheers,
Zwane

--
http://function.linuxpower.ca
		

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
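
Added example, not part of the original thread and not kernel source: a userspace C model of the change the report proposes, formatting into a fixed 1024-byte buffer with vsnprintf() and reporting truncation instead of writing past the end. The names format_panic_msg, format_long_arg and panic_buf are hypothetical, and the C library's C99 vsnprintf() is assumed rather than the kernel's own implementation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PANIC_BUF_SIZE 1024   /* buffer size quoted in the report */

static char panic_buf[PANIC_BUF_SIZE];

/*
 * Hypothetical model of panic()'s formatting step.
 * vsprintf(panic_buf, fmt, args) would keep writing once the expanded
 * string passes 1024 bytes; vsnprintf() stops at the buffer size and
 * always NUL-terminates.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error.
 */
static int format_panic_msg(const char *fmt, ...)
{
    va_list args;
    int needed;

    va_start(args, fmt);
    needed = vsnprintf(panic_buf, sizeof(panic_buf), fmt, args);
    va_end(args);

    if (needed < 0) {
        panic_buf[0] = '\0';
        return -1;
    }
    /* C99: return value is the length the full string would have had */
    return (size_t)needed >= sizeof(panic_buf);
}

/* Constructed input: a caller (e.g. a module) passing an n-byte argument. */
static int format_long_arg(size_t n)
{
    static char arg[4096];

    if (n >= sizeof(arg))
        n = sizeof(arg) - 1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    return format_panic_msg("module error: %s", arg);
}

int main(void)
{
    int truncated = format_long_arg(2000);
    printf("truncated=%d stored=%zu\n", truncated, strlen(panic_buf));
    return 0;
}
```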