oss-sec mailing list archives
Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption
From: cve-assign () mitre org
Date: Mon, 14 Mar 2016 00:16:32 -0400 (EDT)
https://code.google.com/p/google-security-research/issues/detail?id=758

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing.

[ Correction: IPT_SO_SET_REPLACE is reached via setsockopt, not ioctl ]

one for the issue above, which has been proposed to be addressed by http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
Use CVE-2016-3134.
one for the unsigned integer overflow on 32bit kernels mentioned as an aside at the end of the original report. Proposed fix is http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
Use CVE-2016-3135.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
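
The precondition quoted in the message above (unprivileged user namespaces, CONFIG_USER_NS=y) can be checked per host. The script below is an added example, not part of the original message or of any project it cites; the function names and result labels are hypothetical. It assumes the kernel config is readable at /boot/config-$(uname -r) or /proc/config.gz, and that the sysctls kernel.unprivileged_userns_clone (a Debian/Ubuntu distribution patch) and user.max_user_namespaces (newer mainline kernels) are consulted where present.

```shell
#!/bin/sh
# Added example (not from the original message): does this host meet the
# precondition in the report, i.e. can unprivileged users create user namespaces?

# Print "enabled", "disabled" or "unknown" for CONFIG_USER_NS in a kernel config file.
userns_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case "$cfg" in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is compressed
        *)    reader="cat" ;;
    esac
    if $reader "$cfg" 2>/dev/null | grep -q '^CONFIG_USER_NS=y$'; then
        echo enabled
    else
        echo disabled                # covers "# CONFIG_USER_NS is not set"
    fi
}

# Combine the build option with the runtime switches.
#   $1 config state from userns_config_state
#   $2 kernel.unprivileged_userns_clone value, "" if the sysctl is absent
#   $3 user.max_user_namespaces value, "" if the sysctl is absent
userns_exposure() {
    state=$1; clone=$2; max=$3
    if [ "$state" = disabled ]; then echo not-built; return 0; fi
    # Either switch set to 0 blocks unprivileged creation at runtime.
    if [ "$clone" = 0 ] || [ "$max" = 0 ]; then echo restricted; return 0; fi
    # No config file and no sysctl to go by: make no claim.
    if [ "$state" = unknown ] && [ -z "$clone$max" ]; then echo unknown; return 0; fi
    echo reachable
}

# Gather the three inputs from the running system.
check_host() {
    cfg=/boot/config-$(uname -r)
    [ -r "$cfg" ] || cfg=/proc/config.gz
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || true)
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || true)
    userns_exposure "$(userns_config_state "$cfg")" "$clone" "$max"
}

echo "unprivileged user namespaces: $(check_host)"
```

A result of `reachable` means only that the precondition named in the report holds on that host; whether the kernel carries the proposed fixes is a separate question.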
Current thread:
- CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Marcus Meissner (Mar 10)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Steve Beattie (Mar 10)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption cve-assign (Mar 13)