Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 25 Mar 2014 10:35:44 +0000
From: Ian Campbell <Ian.Campbell@...rix.com>
To: <cve-assign@...re.org>
CC: <security@....org>, <oss-security@...ts.openwall.com>
Subject: Re: Xen Security Advisory 90 - Linux netback crash trying to
 disable due to malformed packet

On Mon, 2014-03-24 at 15:47 -0400, cve-assign@...re.org wrote:
> > XSA-90
> 
> > it tries to disable the interface ... This involves taking a mutex ...
> > sleeping is not allowed ... The end result is that the backend domain
> > (often, Dom0) crashes with "scheduling while atomic". Malicious guest
> > administrators can cause denial of service.
> 
> Use CVE-2014-2580.

Thanks.

> > This bug was publicly reported on xen-devel, before it was appreciated
> > that there was a security problem. The public mailing list thread
> > nevertheless contains information strongly suggestive of a security
> > bug, and a different security bug (with CVE) is suggested as seeming
> > "similar".
> 
> We didn't happen to notice a CVE ID of a similar bug within xen-devel.

The first mail in the thread (<5324B182.70905@...rok.net>) had a link to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744#88 which was a
bug relating to CVE-2013-0216.

> In some cases, we would use that bug's CVE ID (if available) within a
> "NOTE:" sentence at the end of a new vulnerability's CVE description.
> 
> http://lists.xen.org/archives/html/xen-devel/2014-03/msg02707.html
> says "by removing these checks we are introducing a way for a
> malicious or buggy guest to trigger misbehaviour in the backend,
> leading to e.g. a DoS" but we haven't tried to track down whether that
> is directly applicable.

This was review of a separate patch unrelated to the bug in question.

HTH,

Ian.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.