oss-sec mailing list archives

CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks

From: Andy Lutomirski <luto () amacapital net>
Date: Tue, 22 Apr 2014 14:37:51 -0700

It is possible to reconfigure the network on Linux by calling write(2)
on an appropriately connected network socket.  By passing such a
socket as stdout or stderr to a setuid program, anyone can reconfigure
the network.

Eric Biederman sent patches to netdev containing a possible fix.

-- 
Andy Lutomirski
AMA Capital Management, LLC

Current thread:

CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 22)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 22)
  - Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks cve-assign (Apr 23)
    - Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 23)
    - Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Eric W. Biederman (Apr 23)
  - Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 28)