oss-sec mailing list archives
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability
From: Dan Carpenter <dan.carpenter () oracle com>
Date: Thu, 5 Sep 2013 11:23:49 +0300
On Wed, Sep 04, 2013 at 08:30:05PM -0600, Kurt Seifried wrote:
Please use CVE-2013-4300 for this issue. Stupid Q, any reason why this couldn't be sent to http://oss-security.openwall.org/wiki/mailing-lists/distros to give vendors a heads up (also we can get it a CVE prior to public release then)?
The original patch was sent to netdev and lkml publicly from the start. https://lkml.org/lkml/2013/8/22/462 We do have someone who is supposed to forwarding security bugs from security () kernel org to distros. I'm not on distros but apparently this wasn't happening properly so we've recently assigned another person to help with this. We're reviewing our security policies for the during the kernel summit, in October btw. So far the main points are that people want less secrecy and more public reviews and better testing. Kees wants to keep a record of CVEs in the kernel. https://lists.linuxfoundation.org/pipermail/ksummit-2013-discuss/2013-August/001050.html It's not clear if anything will actually change though. regards, dan carpenter
Current thread:
- CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo (Sep 04)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Kurt Seifried (Sep 04)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Petr Matousek (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Kurt Seifried (Sep 04)