Date: Fri, 11 Dec 2015 11:41:18 -0500 (EST)
From: cve-assign@...re.org
To: guoyonggang@....cn
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - Android kernel - IPv6 connect cause a denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> net/ipv4/af_inet.c
> inet_autobind
>
> if (sk->sk_prot->get_port(sk, 0)) {

>> if the sk->sk_prot->get_port is NULL

>> [ an unanticipated condition ]

>> Solution:
>> if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0)) {

>>> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>> Date: Wed, 9 Dec 2015 15:31:32 +0100

>>> I fear your solution
>>> just papers over the bug and will leave the port in a half initialized
>>> state.

Use CVE-2015-8543 for the originally identified bug. We realize that,
for example,
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
has not yet been changed. If Linux kernel developers determine that
multiple independent bugs result in situations where
sk->sk_prot->get_port is NULL above, then it is possible that
additional CVE IDs will be assigned later.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
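
The concern raised in the quoted reply, that the proposed NULL check leaves the port half initialized, shown as an added userspace model (not code from this thread or from the kernel). The struct layouts, `demo_get_port`, `autobind_strict`, `half_initialized` and the port value 40000 are hypothetical simplifications; only the two `get_port` conditions come from the quoted lines.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace stand-ins for the kernel types named in the thread (simplified, hypothetical). */
struct sock;
struct proto { int (*get_port)(struct sock *sk, unsigned short snum); };
struct sock  { const struct proto *sk_prot; unsigned short inet_num, inet_sport; };

/* A protocol that does implement get_port. */
static int demo_get_port(struct sock *sk, unsigned short snum)
{
    sk->inet_num = snum ? snum : 40000;  /* constructed port number */
    return 0;
}

/* Autobind using the guard proposed in the thread. */
static int autobind_guarded(struct sock *sk)
{
    if (!sk->inet_num) {
        if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0))
            return -EAGAIN;
        sk->inet_sport = sk->inet_num;   /* byte order conversion omitted in this model */
    }
    return 0;
}

/* Illustrative fail-closed variant (an assumption, not a fix taken from the thread). */
static int autobind_strict(struct sock *sk)
{
    if (!sk->inet_num) {
        if (!sk->sk_prot->get_port || sk->sk_prot->get_port(sk, 0))
            return -EAGAIN;
        sk->inet_sport = sk->inet_num;
    }
    return 0;
}

/* 1 when autobind reported success but the socket still has no local port. */
static int half_initialized(int rc, const struct sock *sk)
{
    return rc == 0 && sk->inet_num == 0;
}

int main(void)
{
    const struct proto no_port = { NULL }, with_port = { demo_get_port };
    struct sock a = { &no_port, 0, 0 }, b = a, c = { &with_port, 0, 0 };
    int ra = autobind_guarded(&a), rb = autobind_strict(&b), rc = autobind_guarded(&c);
    printf("guarded/no get_port: rc=%d half_initialized=%d; strict: rc=%d; with get_port: rc=%d port=%u\n",
           ra, half_initialized(ra, &a), rb, rc, (unsigned)c.inet_num);
}
```

With the guard alone, a protocol lacking `get_port` makes autobind report success while the local port stays 0, so later code sees a socket that claims to be bound but is not.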
