Date: Mon, 28 Apr 2014 11:38:12 -0700 From: Andy Lutomirski <luto@...capital.net> To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks On Tue, Apr 22, 2014 at 8:01 PM, Andy Lutomirski <luto@...capital.net> wrote: > On Apr 22, 2014 2:37 PM, "Andy Lutomirski" <luto@...capital.net> wrote: >> >> It is possible to reconfigure the network on Linux by calling write(2) >> on an appropriately connected network socket. By passing such a >> socket as stdout or stderr to a setuid program, anyone can reconfigure >> the network. > > s/network socket/netlink socket The fix is here: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e It depends on a few commits immediately preceding it as well as https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=78541c1dc60b65ecfce5a6a096fc260219d6784e. So far the fix has not made it to Linus' tree or to -stable. --Andy
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ