Date: Fri, 03 Jul 2015 14:15:46 +0200 From: Hector Marco-Gisbert <hecmargi@....es> To: Assign a CVE Identifier <cve-assign@...re.org> CC: oss-security@...ts.openwall.com, fulldisclosure@...lists.org Subject: Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib Hello Mitre, We are still waiting a response about the following security issues: 1) Title : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Date : March 2015 Advisory : http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html Patch : http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464 2) Title : Linux ASLR mmap weakness: Reducing entropy by half Date : March 2015 Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html 3) Title : Offset2lib: bypassing full ASLR on 64bit Linux Date : November 2014 Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html Path : https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90 Note : We are not sure whether it is a CVE or CWE. Could you please assign a cve number or say something about them ? Thank you, Hector. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ