Date: Fri, 11 Dec 2015 11:41:18 -0500 (EST)
From: cve-assign@...re.org
To: guoyonggang@....cn
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - Android kernel - IPv6 connect cause a denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> net/ipv4/af_inet.c
> inet_autobind
>
> if (sk->sk_prot->get_port(sk, 0)) {

>> if the sk->sk_prot->get_port is NULL

>> [ an unanticipated condition ]

>> Solution:
>> if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0)) {

>>> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>> Date: Wed, 9 Dec 2015 15:31:32 +0100

>>> I fear your solution
>>> just papers over the bug and will leave the port in a half initialized
>>> state.

Use CVE-2015-8543 for the originally identified bug. We realize that,
for example,
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
has not yet been changed. If Linux kernel developers determine that
multiple independent bugs result in situations where
sk->sk_prot->get_port is NULL above, then it is possible that
additional CVE IDs will be assigned later.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
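
Added example, not part of the original message and not kernel code: a user-space C model of the quoted check, showing that with the proposed NULL guard the call reports success while the port stays 0, the half-initialized state the quoted reply warns about. The struct layouts, `demo_get_port`, port 40000 and the `autobind_strict` variant are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel structures (assumed layout). */
struct sock  { const struct proto *sk_prot; unsigned short inet_num, inet_sport; };
struct proto { int (*get_port)(struct sock *sk, unsigned short snum); };

/* Constructed protocol that implements get_port and picks port 40000. */
static int demo_get_port(struct sock *sk, unsigned short snum)
{
    sk->inet_num = snum ? snum : 40000;
    return 0;
}
static const struct proto proto_ok = { .get_port = demo_get_port };
static const struct proto proto_no_get_port = { .get_port = NULL };

/* The check proposed in the thread: skip the call when get_port is NULL. */
static int autobind_guarded(struct sock *sk)
{
    if (!sk->inet_num) {
        if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0))
            return -EAGAIN;
        sk->inet_sport = sk->inet_num;  /* still 0 when get_port was NULL */
    }
    return 0;                           /* success is reported either way */
}

/* Hypothetical stricter variant (not the kernel's fix): fail closed. */
static int autobind_strict(struct sock *sk)
{
    if (!sk->inet_num) {
        if (!sk->sk_prot->get_port)
            return -EINVAL;
        if (sk->sk_prot->get_port(sk, 0))
            return -EAGAIN;
        sk->inet_sport = sk->inet_num;
    }
    return 0;
}

int main(void)
{
    struct sock a = { &proto_no_get_port, 0, 0 }, b = a, c = { &proto_ok, 0, 0 };
    int ra = autobind_guarded(&a), rb = autobind_strict(&b), rc = autobind_guarded(&c);
    printf("guarded, no get_port: rc=%d port=%d\n", ra, a.inet_num);
    printf("strict,  no get_port: rc=%d port=%d\n", rb, b.inet_num);
    printf("guarded, get_port ok: rc=%d port=%d\n", rc, c.inet_num);
    return 0;
}
```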
