Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Dec 2013 19:16:01 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer
 dereference

    Hello,

Linux kernel built with the IPv6 protocol(CONFIG_IPv6) along with the IPv6 
source address based routing support(CONFIG_IPV6_SUBTREE) is vulnerable to a 
NULL pointer dereference flaw. It could occur while doing an ioctl(SIOCADDRT) 
call on an IPv6 socket. User would need to have CAP_NET_ADMIN privileges to 
perform such a call.

A user/program with CAP_NET_ADMIN privileges could use this flaw to crash a
system resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1039054


Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.