oss-sec mailing list archives
Re: CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call
From: Greg KH <greg () kroah com>
Date: Thu, 29 Sep 2016 16:23:57 +0200
On Fri, Sep 30, 2016 at 12:14:04AM +1000, Vitaly Nikolenko wrote:
> Wasn't this already covered by CVE-2016-4997? There's a public exploit
> https://www.exploit-db.com/exploits/40049/
>
> I'm assuming for IPv6 this would be exactly the same except for changing
> the setsockopt optname from IPT_SO_SET_REPLACE to IP6T_SO_SET_REPLACE. The
> code path for IPv6 looks almost identical unless I'm missing something?
>
> Commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c included fixes for ARP, IP
> and IPv6 and my assumption was that CVE-2016-4997 covered all of them.

I knew this looked familiar, thanks for bringing this up.

greg k-h