Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 03 Jul 2015 14:15:46 +0200
From: Hector Marco-Gisbert <hecmargi@....es>
To: Assign a CVE Identifier <cve-assign@...re.org>
CC: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib

Hello Mitre,

We are still waiting a response about the following security issues:

1)
    Title    : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%.
    Date     : March 2015
    Advisory : 
http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html
    Patch    : 
http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464 


2) Title    : Linux ASLR mmap weakness: Reducing entropy by half
    Date     : March 2015
    Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

3) Title    : Offset2lib: bypassing full ASLR on 64bit Linux
    Date     : November 2014
    Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
    Path     : 
https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90
    Note     : We are not sure whether it is a CVE or CWE.



Could you please assign a cve number or say something about them ?



Thank you,
Hector.


-- 
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.