oss-sec mailing list archives

CVE Request: Linux kernel - Denial of service in notify_change for xattrs.

From: Wade Mealing <wmealing () redhat com>
Date: Thu, 22 Jan 2015 23:05:35 -0500 (EST)

I'd like to request a CVE for an issue brought up on this list on Jan 17th 2015.  I did not
see one created for this issue titled:

"Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks"

http://www.openwall.com/lists/oss-security/2015/01/21/3t

This issue can be classified as a denial of service.

Example:

[wmealing]$ ping -c1  www.google.com
PING www.google.com (216.58.220.100) 56(84) bytes of data.
64 bytes from syd10s01-in-f4.1e100.net (216.58.220.100): icmp_seq=1 ttl=51 time=14.1 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.162/14.162/14.162/0.000 ms

[wmealing]$ chown root:root /usr/bin/ping
chown: changing ownership of ‘/usr/bin/ping’: Operation not permitted

[wmealing]$ ping www.google.com
ping: icmp open socket: Operation not permitted

This can cause a denial of service for applications which use the capabilities subsystem such as
pirahnah (arping), netconsole (arping), some kdump implementations, etc.

Thank you.

Wade Mealing -- Red Hat Product Security

Current thread:

CVE Request: Linux kernel - Denial of service in notify_change for xattrs. Wade Mealing (Jan 22)
- Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs. cve-assign (Jan 24)