CVE-2013-4513 & CVE-2017-10911 #220
Conversation
|
Looks like this needs to be worked on! Keep going. |
| @@ -75,7 +80,7 @@ bugs_instructions: | | |||
| * Mentioned in mailing list discussions | |||
| * References from NVD entry | |||
| * Various other places | |||
| bugs: [] | |||
| bugs: [492532] | |||
There was a problem hiding this comment.
I'm not getting a result for this bug ID. Are you certain this is the correct one?
There was a problem hiding this comment.
@evstod this bug id (and the other one) is for bugzilla.redhat.com -- I didn't find any mentions of this bug on bugzilla.com so I decided to put this one.. Not sure if it should be kept or removed.
cves/kernel/CVE-2013-4513.yml
Outdated
| @@ -167,8 +168,9 @@ autodiscoverable: | |||
|
|
|||
| The answer field should be boolean. In answer_note, please explain | |||
| why you come to that conclusion. | |||
| note: | |||
| answer: | |||
| note: A unit test can detect buffer oveflows. The problem is that the kernel tree is so big it is impossible to develop unit tests for everything. | |||
There was a problem hiding this comment.
It is worth noting that integration tests for the entire kernel and subsequent subsystems is indeed possible. It's just not done in the kernel repo. The kernel copy you can get from the repo is a sort of "debug mode" copy.
cves/kernel/CVE-2013-4513.yml
Outdated
| answer: | ||
| note: | ||
| answer: true | ||
| note: quote from the fix commit -- We need to check "count" so we don't overflow the ei->data buffer. |
There was a problem hiding this comment.
Expand this. What did the check specifically do? What is ei->data_buffer? Where was this check put?
cves/kernel/CVE-2013-4513.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: Order of operations was not the issue |
There was a problem hiding this comment.
Specify that the fix was just adding a check. Check order was not affected.
| @@ -75,7 +78,7 @@ bugs_instructions: | | |||
| * Mentioned in mailing list discussions | |||
| * References from NVD entry | |||
| * Various other places | |||
| bugs: [] | |||
| bugs: [1458870] | |||
There was a problem hiding this comment.
This bug ID is not returning a result either? Are you getting these IDs from bugzilla.kernel.org?
| @@ -107,14 +105,6 @@ vcc_instructions: | | |||
| vccs: | |||
| - commit: 4d05a28db56225bbab5e1321d818f318e92a4657 | |||
| note: Discovered automatically by archeogit. | |||
| - commit: 8812293323a79134e06c3bf82eba1e217d23382e | |||
There was a problem hiding this comment.
These all appear to be contributing to the vulnerability. What was the reason for removing them?
There was a problem hiding this comment.
I moved those commits to "interesting commits". The initial commit already pushed vulnerable code, and the following commits were just adding stuff to the code that was already unsafe.
cves/kernel/CVE-2017-10911.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: The vulenrability does not involve IPC. |
| @@ -106,7 +105,7 @@ vcc_instructions: | | |||
| Place any notes you would like to make in the notes field. | |||
| vccs: | |||
| - commit: 23af8c2a088fe5ae142103fb32fa03755cda694c | |||
| note: Discovered automatically by archeogit. | |||
| note: Discovered automatically by archeogit. Verified by a human. | |||
| upvotes_instructions: | | |||
| - commit: 452a6b2bb6de677acdd2ccb8b39cf6e8fe06f306 | ||
| note: Discovered automatically by archeogit. | ||
| - commit: 97e36834f5a106459ab1b290e663a4eb6264639e | ||
| note: Discovered automatically by archeogit. | ||
| upvotes_instructions: | |
cves/kernel/CVE-2017-10911.yml
Outdated
| automated: | ||
| contest: | ||
| developer: | ||
| answer: Not a lot of information provided, but it seems like the vulenrability was |
cves/kernel/CVE-2017-10911.yml
Outdated
| applies: | ||
| note: | ||
| applies: true | ||
| note: The vulenrability exposes data of other users of the system, which violates the least privilege principle. |
cves/kernel/CVE-2017-10911.yml
Outdated
| applies: | ||
| note: | ||
| applies: true | ||
| note: A more carefully designed struct would prevent this vulenrability. I.e. a struct that was designed |
cves/kernel/CVE-2017-10911.yml
Outdated
| @@ -55,7 +55,10 @@ description_instructions: | | |||
|
|
|||
| Your target audience is people just like you before you took any course in | |||
| security | |||
| description: | |||
| description: The gist of the vulenrability is that the data structs in a certain | |||
| @@ -448,7 +455,11 @@ mistakes: | |||
|
|
|||
| Write a thoughtful entry here that people in the software engineering | |||
| industry would find interesting. | |||
| answer: | |||
| answer: Since this vulenrability was implemented in the staging directory of the drivers, | |||
cves/kernel/CVE-2017-10911.yml
Outdated
| note: | ||
| discussed_as_security: false | ||
| any_discussion: false | ||
| note: Did not find any significant discussion |
cves/kernel/CVE-2017-10911.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: The vulenrability involves incorrect memory allocation and data leakage from the stack as a |
No description provided.