Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Jan 2015 23:05:35 -0500 (EST)
From: Wade Mealing <wmealing@...hat.com>
To: cve-assign@...re.org, OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux kernel - Denial of service in notify_change for
 xattrs.

I'd like to request a CVE for an issue brought up on this list on Jan 17th 2015.  I did not
see one created for this issue titled:

"Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks"

http://www.openwall.com/lists/oss-security/2015/01/21/3t

This issue can be classified as a denial of service.

Example:

[wmealing]$ ping -c1  www.google.com
PING www.google.com (216.58.220.100) 56(84) bytes of data.
64 bytes from syd10s01-in-f4.1e100.net (216.58.220.100): icmp_seq=1 ttl=51 time=14.1 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 14.162/14.162/14.162/0.000 ms

[wmealing]$ chown root:root /usr/bin/ping
chown: changing ownership of ‘/usr/bin/ping’: Operation not permitted

[wmealing]$ ping www.google.com
ping: icmp open socket: Operation not permitted

This can cause a denial of service for applications which use the capabilities subsystem such as
pirahnah (arping), netconsole (arping), some kdump implementations, etc.

Thank you.

Wade Mealing -- Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ