Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 2 May 2015 18:31:12 +0800
From: Wen Xu <hotdog3645@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for a fixed bug existed in all versions of linux kernel
 from KeenTeam

Hi,
Recently we found a use-after-free bug which can lead to kernel arbitrary
execution in Linux kernel.
The bug was reported to the linux security group and it has been fixed.(commit
a134f083e79f ("ipv4: Missing sk_nulls_node_init() in ping_unhash()"). You
can find the fix commit here:
https://github.com/torvalds/linux/commit/6c3c1eb3c35e8856d6dcb01b412316a676f58bbe
The bug exists in all versions of linux kernel. And the credit is to Wen Xu
and wushi of KeenTeam.
I am looking forward to your reply.

Thanks,
Wen Xu @ Keen Team



---------- Forwarded message ----------
From: Willy Tarreau <w@....eu>
Date: 2015-05-02 15:43 GMT+08:00
Subject: Re: Socket Vulnerability Report (Lead to kernel arbitrary
execution) from KeenTeam
To: Wen Xu <hotdog3645@...il.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, David Miller <
davem@...emloft.net>, "security@...nel.org" <security@...nel.org>


On Sat, May 02, 2015 at 02:50:32PM +0800, Wen Xu wrote:
> Many thanks, we've already seen the patch commit ;)
> By the way, as security researchers, if we want a CVE number for this ping
> socket bug, where could we request for? What's the routine process for
this?

Now that the fix is public, you should ask oss-security, someone there
should provide you with one.

Thanks,
Willy

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ