Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 Mar 2017 09:17:45 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: Lokesh Ubuntu <lokesh.ubuntu@...il.com>, oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: Re: CVE-2017-7184: kernel: Local privilege escalation
 in XFRM framework

A PoC is not publicly available for this issue.

Tyler

On 03/29/2017 10:18 PM, Lokesh Ubuntu wrote:
> Is there any POC for this to conclude? Thanks.
> 
> Regards, Lokesh
> 
> On Mar 30, 2017 03:14, "Tyler Hicks" <tyhicks@...onical.com
> <mailto:tyhicks@...onical.com>> wrote:
> 
>     A security issue was reported by ZDI, on behalf of Chaitin Security
>     Research Lab, against the Linux kernel in Ubuntu. It also affected the
>     upstream kernel.
> 
>     Chaitin Security Research Lab discovered that xfrm_replay_verify_len(),
>     as called by xfrm_new_ae(), did not verify that the user-specified
>     replay_window was within the replay state buffer.
> 
>     This allowed for out-of-bounds reads and writes of kernel memory.
>     Chaitin Security showed that this can lead to local privilege escalation
>     by using user namespaces in order to configure XFRM. XFRM configuration
>     requires CAP_NET_ADMIN so this issue is mitigated in kernels which do
>     not enable user namespaces by default.
> 
>     Fixes:
>     -
>     https://git.kernel.org/linus/677e806da4d916052585301785d847c3b3e6186a <https://git.kernel.org/linus/677e806da4d916052585301785d847c3b3e6186a>
>     -
>     https://git.kernel.org/linus/f843ee6dd019bcece3e74e76ad9df0155655d0df <https://git.kernel.org/linus/f843ee6dd019bcece3e74e76ad9df0155655d0df>
> 
>     Tyler
> 
> 




Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ