oss-sec mailing list archives

Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages

From: Moritz Muehlenhoff <jmm () debian org>
Date: Sun, 22 Feb 2015 19:54:10 +0100

On Tue, Feb 10, 2015 at 12:13:50PM +0100, Florian Weimer wrote:

On 02/07/2015 12:40 AM, Kurt Seifried wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=848949

this may warrant a cve


It was blamed on the kernel and fixed there:

  <http://marc.info/?l=linux-netdev&m=134582981424588>


MITRE, can you please assign a CVE ID for the kernel, then?

This was fixed in 3.6 with
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107be\f

Cheers,
        Moritz

Current thread:

libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried (Feb 06)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)
  - Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff (Feb 22)
    - Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel cve-assign (Feb 26)