Date: Sun, 12 Feb 2017 19:46:49 +0100
From: Andrey Konovalov <andreyknvl@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: [scr293903] Linux kernel - upstream

---------- Forwarded message ----------
From:  <cve-request@...re.org>
Date: Sun, Feb 12, 2017 at 7:45 PM
Subject: Re: [scr293903] Linux kernel - upstream
To: andreyknvl@...gle.com
Cc: cve-request@...re.org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The CVE ID is below. Please clarify whether you want this added to the
public CVE List immediately. You have provided
https://patchwork.ozlabs.org/patch/724136/ as a public reference that
appears to disclose this as a vulnerability, at least if the attacker
can run a local application to make arbitrary system calls. The public
reference does not directly suggest a remote attack: that detail could
be omitted from the public CVE List.


> [Additional Information]
> It's possible to cause a denial of service by sending bad IP options on a socket.
> Potentially this can be triggered remotely.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Denial of service
>
> ------------------------------------------
>
> [Vendor of Product]
> Linux kernel
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Linux kernel - upstream
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Reference]
> https://patchwork.ozlabs.org/patch/724136/
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true

Use CVE-2017-5970.


- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
