-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


CVE-2013-2239 - Multiple memory leaks in OpenVZ kernel 2.6.32 (042stab080.1)


Description
===========

Two memory leaks was discovered in the versions before vzkernel
patch 042stab080.2.

One memory leak in ploop:

    The ploop_getdevice_ioc function in drivers/block/ploop/dev.c in 
    the vzkernel patch before 042stab080.2 does not initialize a certain 
    length variable, which allows local users to obtain sensitive 
    information from kernel stack memory.

One memory leak in quota:

    The compat_quotactl function in fs/quota/quota.c in the vzkernel patch 
    before 042stab080.2 does not initialize a certain length variable, 
    which allows local users to obtain sensitive information from kernel 
    stack memory.

Fixed in the 042stab080.2

  - [security/ploop] memory info leak fixed (PSBM-20690)
  - [security/quota] memory info leak fixed (PSBM-20690)


Classification
==============

Location    : Local Access Required 
Attack Type : Information Disclosure, Input Manipulation 
Version     : vzkernel 2.6.32 (Patch 042stab080.1)
Impact      : Loss of Confidentiality 
Solution    : Patch / RCS 
Disclosure  : Vendor Verified


References
==========

CVE ID    : CVE-2013-2239
Changelog : http://wiki.openvz.org/Download/kernel/rhel6-testing/042stab080.2
Credit    : Jonathan Salwan (Sysdream Security Lab)


Timeline
========

2013-06-16 : Bugs found
2013-06-19 : Bugs reported
2013-06-28 : Bugs fixed
2013-06-29 : CVE request
2013-07-04 : CVE assigned



Thanks,

- -- Jonathan


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)

iQEcBAEBAgAGBQJR1a2+AAoJEH9bXKkQj2JzGQkIAKgsP6wJLdbIicezwy8wd57V
gdtaqfBxq3PwRP47C0Yw0TVe+KMuYgq7vxjyMo5L1vrVoBd39NkHqmdo105d3s7z
gxBkhARCS53wiuQ09AIIjFVHAhXzzxLYPrJ3HlzBH0pF/UouIusvI1t+fgOufGsU
SO28DshO+xZWMJiP3ao1Ce8gtkFK9QIdPjoyr67jMndLuv6MTFYPN/Kv33CN0cOQ
6W0ULtxrBVDVuudZMhGon8cEifyisF/WVvG4MuEla9ZyryF2NUJvE05hpfpFqjYf
mYrAKpdEjBGvVHEXn27paXUBJDyWZa2Z2X934TgrCfwx4ysU9UCQ7jK4IDmw8xs=
=BfIK
-----END PGP SIGNATURE-----