Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 7 Feb 2014 16:11:32 -0500 (EST)
From: cve-assign@...re.org
To: security@....org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are the four CVE assignments for XSA-84 (as well as the
one CVE assignment for XSA-85 and the one CVE assignment for XSA-86).

> http://xenbits.xen.org/xsa/advisory-84.html
> XSA-84

> The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID
> suboperations of the flask hypercall are vulnerable to an integer
> overflow on the input size. The hypercalls attempt to allocate a
> buffer which is 1 larger than this size and is therefore vulnerable to
> integer overflow and an attempt to allocate then access a zero byte
> buffer.

Use CVE-2014-1891.


> Xen 3.3 through 4.1 ... expose unreasonably large memory allocation
> to arbitrary guests.

Use CVE-2014-1892.


> Xen 3.3 through 4.1, while not affected by the above overflow, have a
> different overflow issue on FLASK_{GET,SET}BOOL

Use CVE-2014-1893.


> Xen 3.2 (and presumably earlier) exhibit both problems, with the
> overflow issue being present for more than just the suboperations
> listed above.

the part of the 3.2 problems associated with the first overflow, for
FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID, is within
the scope of CVE-2014-1891

the part of the 3.2 problems associated with unreasonably large memory
allocation is within the scope of CVE-2014-1892

the part of the 3.2 problems associated with the second overflow, for
FLASK_{GET,SET}BOOL, is within the scope of CVE-2014-1893

all other vectors (e.g., other suboperations) that can lead to integer
overflows in 3.2, even if they are related to the first overflow or
related to the second overflow, have CVE-2014-1894 assigned now


> http://xenbits.xen.org/xsa/advisory-85.html
> XSA-85
> Off-by-one error in FLASK_AVC_CACHESTAT hypercall

Use CVE-2014-1895.


> http://xenbits.xen.org/xsa/advisory-86.html
> XSA-86
> libvchan failure handling malicious ring indexes

Use CVE-2014-1896.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS9UueAAoJEKllVAevmvms9ssIALQ0vssHk8Uuf85hjGAYF7O5
UsetuaIyFYwy7U1xRxpwW9YEWoMELtylpOHViZUBpjMAPjmO4rXNs4J/avcfnh/J
PPD3vl9aoUfA0hFqaR0jAIPld89SbOZA6Fvs23KcU3F9KOVvaD//3RBe3ticeSNQ
N4QlRw1Cu9pQSveu3B9a6yt4OmQkuuWPSRu7KBUACohRF73JCZCN3TeUe7RqGp/L
r9uN5hbsPCqnW2W4FPmQVGaD5BmrlETYcJM1YkdUoLVCeR+Fi0iyPZtrKMTUZ4h8
XzAEovLRX7un3BbzxTifyls4Z/oQrD0cQ1QE1cGAA6kqYphK8h1VMUFGwXMpZDE=
=yP8u
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ