oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel

From: cve-assign () mitre org
Date: Fri, 27 Feb 2015 02:34:24 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


can you please assign a CVE ID for the kernel

This was fixed in 3.6 with
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef


We haven't seen anyone object to that type of CVE assignment, so use
CVE-2012-6689 for this Linux kernel issue.

(There may be an alternative viewpoint that the issue, or at least the
patch, was a security/functionality tradeoff.
http://marc.info/?l=linux-netdev&m=134522422125983&w=2 says "The
second tries to address netlink spoofing for non-root processes from
the kernel while disabling the ability of two processes to
communicate. Yes, this may be controversial I guess." This refers to
the http://marc.info/?l=linux-netdev&m=134522422925986&w=2 patch.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU8B0KAAoJEKllVAevmvmshZUH/3rdgF/TqUhinOrKRcS3Kv/N
x9e5h3g5i5bqMOKffu/09gWx/3MdVLpVTY67WBdZNnLsq0CBm2kDdq9HNcy/i5LT
T5bxZUxiZtG023MYOP27dwI+DZvcikdY89C1yVoLzKWHDhb2z27UXbct9X36jFGG
YiPdMXABtqd6Hbp1QMVWTvCrDz+RDVvoJtL29dUxYb2jBS7koW6pPIlWp4vyzF0j
KaouZ6jZ8U7kH1/BlLDZ64TsBviryT24O4aJza+muGTeOJgzKbbrqreNA+cGNISQ
2ZGxctQgRZClO56nS+Bhb3NAFAmlT7sZHaRV06FMXOAqw/QroqjVQIQ2tkpM1/Q=
=Hy74
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: