oss-sec mailing list archives
Re: CVE Request: kernel ebtables perm check
From: Eugene Teo <eugene () redhat com>
Date: Thu, 14 Jan 2010 11:38:40 +0800
On 01/14/2010 08:54 AM, dann frazier wrote:
Has a CVE been assigned for this issue yet?
Please use CVE-2010-0007. Thanks. Eugene
commit dce766af541f6605fa9889892c0280bab31c66ab Author: Florian Westphal<fwestphal () astaro com> Date: Fri Jan 8 17:31:24 2010 +0100 netfilter: ebtables: enforce CAP_NET_ADMIN normal users are currently allowed to set/modify ebtables rules. Restrict it to processes with CAP_NET_ADMIN. Note that this cannot be reproduced with unmodified ebtables binary because it uses SOCK_RAW. Signed-off-by: Florian Westphal<fwestphal () astaro com> Cc: stable () kernel org Signed-off-by: Patrick McHardy<kaber () trash net>
-- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE Request: kernel ebtables perm check dann frazier (Jan 13)
- Re: CVE Request: kernel ebtables perm check Eugene Teo (Jan 13)