Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Nov 2013 14:12:52 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request: Linux kernel: net: ipvs stack buffer overflow

    Hello,

Linux kernel built with the IP Virtual Server(CONFIG_IP_VS) support is 
vulnerable to a buffer overflow flaw. It could occur while setting or 
retrieving socket options via setsockopt(2) or getsockopt(2) calls. Though a 
user needs to have CAP_NET_ADMIN privileges to perform these IP_VS operations.

A user/program with CAP_NET_ADMIN privileges could use this flaw to further 
escalate their privileges on a system.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb

References:
-----------
  -> http://seclists.org/fulldisclosure/2013/Nov/77
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1030800


Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.