Date: Thu, 10 Mar 2016 10:25:49 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com>, cve-assign@...re.org Subject: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Hi, >From the P0 team at Google: https://code.google.com/p/google-security-research/issues/detail?id=758 A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl is can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing. ... I think this needs a CVE. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.