Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Feb 2015 02:34:24 -0500 (EST)
From: cve-assign@...re.org
To: jmm@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> can you please assign a CVE ID for the kernel
> 
> This was fixed in 3.6 with
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef

We haven't seen anyone object to that type of CVE assignment, so use
CVE-2012-6689 for this Linux kernel issue.

(There may be an alternative viewpoint that the issue, or at least the
patch, was a security/functionality tradeoff.
http://marc.info/?l=linux-netdev&m=134522422125983&w=2 says "The
second tries to address netlink spoofing for non-root processes from
the kernel while disabling the ability of two processes to
communicate. Yes, this may be controversial I guess." This refers to
the http://marc.info/?l=linux-netdev&m=134522422925986&w=2 patch.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU8B0KAAoJEKllVAevmvmshZUH/3rdgF/TqUhinOrKRcS3Kv/N
x9e5h3g5i5bqMOKffu/09gWx/3MdVLpVTY67WBdZNnLsq0CBm2kDdq9HNcy/i5LT
T5bxZUxiZtG023MYOP27dwI+DZvcikdY89C1yVoLzKWHDhb2z27UXbct9X36jFGG
YiPdMXABtqd6Hbp1QMVWTvCrDz+RDVvoJtL29dUxYb2jBS7koW6pPIlWp4vyzF0j
KaouZ6jZ8U7kH1/BlLDZ64TsBviryT24O4aJza+muGTeOJgzKbbrqreNA+cGNISQ
2ZGxctQgRZClO56nS+Bhb3NAFAmlT7sZHaRV06FMXOAqw/QroqjVQIQ2tkpM1/Q=
=Hy74
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ