Date: Fri, 9 May 2014 16:44:22 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3

> The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to
> check for a minimal message length

Use CVE-2014-3144.

(The _NEST variant was introduced at a later time, but the affected
code is somewhat analogous, and the lack of an skb->len check for the
_NEST variant probably can't be considered an independent mistake
relative to the lack of an skb->len check in the earlier code.)


> The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is
> also wrong. It has the minuend and subtrahend mixed up

Use CVE-2014-3145.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
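
Added example, not part of the original message and not the kernel's code: a user-space C model of the two length checks described in the quoted text, showing how a missing minimal-length check and a swapped subtraction each let unsigned wrap-around defeat the bound. The function names, the 4-byte attribute header and the 32-bit unsigned length and offset are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 4u /* assumed attribute header size: 16-bit length + 16-bit type */

/* Offset check WITHOUT a minimal-length test: when len < HDR_LEN,
 * len - HDR_LEN wraps to a huge value and every offset is accepted. */
static int hdr_in_bounds_nomin(uint32_t len, uint32_t off)
{
    return !(off > len - HDR_LEN);
}

/* Offset check WITH the minimal-length test in front of the subtraction. */
static int hdr_in_bounds(uint32_t len, uint32_t off)
{
    if (len < HDR_LEN)
        return 0;
    return !(off > len - HDR_LEN);
}

/* Nested-attribute length check with the operands swapped (off - len).
 * off < len here, so the difference wraps and the test never rejects. */
static int nest_fits_swapped(uint32_t len, uint32_t off, uint16_t attr_len)
{
    if (!hdr_in_bounds(len, off))
        return 0;
    return !(attr_len > off - len);
}

/* Nested-attribute length check against the real remainder (len - off). */
static int nest_fits(uint32_t len, uint32_t off, uint16_t attr_len)
{
    if (!hdr_in_bounds(len, off))
        return 0;
    return !(attr_len > len - off);
}

int main(void)
{
    /* Constructed inputs: a 2-byte message, and a 16-byte message whose
     * attribute at offset 8 claims a length of 64 bytes. */
    printf("2-byte msg, no min check: %d\n", hdr_in_bounds_nomin(2, 0));
    printf("2-byte msg, min check:    %d\n", hdr_in_bounds(2, 0));
    printf("claimed 64, swapped:      %d\n", nest_fits_swapped(16, 8, 64));
    printf("claimed 64, correct:      %d\n", nest_fits(16, 8, 64));
    return 0;
}
```

A result of 1 means the model would go on to read the attribute; 0 means it rejects the request before touching the buffer.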
