Full Disclosure mailing list archives
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
From: Maor Shwartz <maors () beyondsecurity com>
Date: Tue, 17 Oct 2017 15:00:26 +0300
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free Full report: https://blogs.securiteam.com/index.php/archives/3484 Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET sockets “allow users to send or receive packets on the device driver level. This for example lets them to implement their own protocol on top of the physical layer or to sniff packets including Ethernet and higher levels protocol headers” Credit The vulnerability was discovered by an independent security researcher which reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response “It is quite likely that this is already fixed by: packet: hold bind lock when rebinding to fanout hook – http://patchwork.ozlabs.org/patch/813945/ Also relevant, but not yet merged is packet: in packet_do_bind, test fanout with bind_lock held – http://patchwork.ozlabs.org/patch/818726/ We verified that this does not trigger on v4.14-rc2, but does trigger when reverting that first mentioned commit (008ba2a13f2d).” -- Thanks Maor Shwartz Beyond Security GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free – SecuriTeam Blogs.pdf
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- SSD Advisory – Linux Kernel AF_PACKET Use-After-Free Maor Shwartz (Oct 17)