Date: Fri, 03 Jul 2015 14:15:46 +0200 From: Hector Marco-Gisbert <hecmargi@....es> To: Assign a CVE Identifier <cve-assign@...re.org> CC: oss-security@...ts.openwall.com, fulldisclosure@...lists.org Subject: Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib Hello Mitre, We are still waiting a response about the following security issues: 1) Title : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Date : March 2015 Advisory : http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html Patch : http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464 2) Title : Linux ASLR mmap weakness: Reducing entropy by half Date : March 2015 Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html 3) Title : Offset2lib: bypassing full ASLR on 64bit Linux Date : November 2014 Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html Path : https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90 Note : We are not sure whether it is a CVE or CWE. Could you please assign a cve number or say something about them ? Thank you, Hector. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.