[v2.7] kernel: libceph: do not hard code max auth ticket len (CVE-2014-6416, CVE-2014-6417, CVE-2014-6418)
CVE-2014-6416:
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux
kernel before 3.16.3, allows remote attackers to cause a denial of
service (memory corruption and panic) or possibly have unspecified other
impact via a long unencrypted auth ticket.
CVE-2014-6416:
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,
does not properly consider the possibility of kmalloc failure, which
allows remote attackers to cause a denial of service (system crash) or
possibly have unspecified other impact via a long unencrypted auth
ticket.
CVE-2014-6416:
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,
does not properly validate auth replies, which allows remote attackers
to cause a denial of service (system crash) or possibly have unspecified
other impact via crafted data from the IP address of a Ceph Monitor.
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/604
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6416
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6417
CONFIRM: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6418
COMMIT (upstream):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8
COMMIT (linux-3.14.y):
https://github.com/torvalds/linux/commit/9956752afa398ea6e0c9c69b258be6afd73da4b1
COMMIT (linux-3.10.y):
https://github.com/torvalds/linux/commit/9c38ff707bbe0635121f8fb6f108ee376cff90fe
(from redmine: issue id 3446, created on 2014-10-17, closed on 2017-09-05)
- Relations:
- parent #3444