Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 29 Aug 2012 12:28:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Raphael Geissert <geissert@...ian.org>, secteam@...ebsd.org
Subject: Re: CVE request: FreeBSD SCTP remote DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/28/2012 01:39 PM, Raphael Geissert wrote:
> On Tuesday 28 August 2012 03:50:41 Simon L. B. Nielsen wrote:
>> On Tue, Aug 28, 2012 at 7:25 AM, Raphael Geissert
>> <geissert@...ian.org>
> wrote:
>>> There appears to be a remote DoS (via a NULL pointer
>>> dereference in the kernel) vulnerability in FreeBSD's SCTP
>>> implementation[1].
>>> 
>>> Has a CVE id been assigned to it already?
>>> 
>>> [1]http://www.exploit-db.com/exploits/20226/
>> 
>> I don't think have one gotten assigned, but probably should.
>> Probably best to go to Mitre to make sure we don't accidentally
>> get a duplicate. Feel free to requeste one, or I can do it later.
>> Please cc: secteam@...ebsd.org on any request to minimize risk of
>> confusion.
> 
> Kurt, could you please assign one?
> 
> Thanks in advance.
> 
> Kind regards,

Sorry thought this was going to mitre, had to make sure they didn't
assign one yet.

Please use CVE-2012-3549 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQPl9RAAoJEBYNRVNeJnmTs7YP/3g+fl8JXye6WO1l5fP+nWnq
y5DCW/QPKyrDjCIBZaMkdwSJoULWmoZTYg60atYyvmYIIOIJ0rny0JRVmJzFbTni
lz0rOQFZz4W1X0AJicHx2B08ItB2Gpza1kMW0YlTH3fL5Mm+mt1e87r6/GSxgNHr
JvA5Dw/3FF8p4MnRsDyDhgWicHUFi5Ir42q3vWk/EUqGvx9g4lHZrDQ9Be0yAP/4
ebQt3w6/wnMgEL4FS15f5KswZKZ3lesFgNTY8I2xPv0GqUHryyf3I3VSdACB/kqm
L/I0KOADP1yTL3eViIs7Jn6kuUYo74K9PDXT6SI0mkkJPXkbEUpquh8rtdkXxN6l
samtvfNCFaGbgStXO4F3SEMBaojkgnWp9/KkdfaQV/VPOG+rUVR/yX7YRuDDcpU9
eeeuJuumzMXbqrYBmt1oh5SYefxD/2MRRjb56VkP6MncbKMCIsAz+vFGCXrpO9a3
4dzDZ/wxV93tSP48SQzvEhQCIyuFZqfahyKgDx5u1D0H5asY2qLEHeo8ZFQsGMlP
gmLejzhlZterpdFRB/++zmwkst58Wyj1PtEhsOpYooRHSeUv8WBmJCHJLFzV/3nA
3Rm+uhw1D/MNUnNigYh/8IsLanidOkLvIOGrKhVv2UyiwuJ0U3hA4aXGbgxXr+aj
1l1yZmn1KTLlP3kpT6Fo
=WlKT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ