Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call

[Mario Pirker <mpirker () linux com>]

For completeness - here is a link to the advisory released by NCC Group:
https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt

Thanks.
Mario

> Am 29.09.2016 um 15:45 schrieb Greg KH <greg () kroah com>:
>
> On Thu, Sep 29, 2016 at 07:43:35AM +0000, 张谦 wrote:
> > Hi there,
> >
> > I found a memory corruption vulnerabiliry in Linux kernel through 4.6.2, and I
> > have a working exploit to escalade privileges which requires the ip6_tables
> > module to be loaded, that it is properly blocked on all up-to-date versions.
> >
> > Due to the number of users running vulnerable code(not update to 4.7 or
> > higher), and that this exploit is only available to security researchers and
> > kernel packagers upon request but that I don't want it to spread.
> >
> >
> >
> > I have reported this issue to Linux kernel official and they have already fixed
> > this.
>
> Note, this was fixed many months ago, in May of 2016, and went into the
> stable kernel updates in June, 2016.  Any distro that updated to the
> stable kernel updates received this fix then.
>
> Any distro that hasn't updated their kernel since then, well, you need
> to revaluate your trust of such a distro :)
>
> thanks,
>
> greg k-h

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail