Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 03 Jul 2015 14:15:46 +0200
From: Hector Marco-Gisbert <hecmargi@....es>
To: Assign a CVE Identifier <cve-assign@...re.org>
CC: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib

Hello Mitre,

We are still waiting a response about the following security issues:

1)
    Title    : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%.
    Date     : March 2015
    Advisory : 
http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html
    Patch    : 
http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464 


2) Title    : Linux ASLR mmap weakness: Reducing entropy by half
    Date     : March 2015
    Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

3) Title    : Offset2lib: bypassing full ASLR on 64bit Linux
    Date     : November 2014
    Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
    Path     : 
https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90
    Note     : We are not sure whether it is a CVE or CWE.



Could you please assign a cve number or say something about them ?



Thank you,
Hector.


-- 
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ