Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jul 2016 12:59:40 -0400 (EDT)
From: cve-assign@...re.org
To: caiqian@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> It was reported that the mount table expands by a power-of-two
> with each bind mount command.

> If the system is configured in the way that a non-root user
> allows bind mount even if with limit number of bind mount
> allowed, a non-root user could cause a local DoS by quickly
> overflow the mount table.

> it will cause a deadlock for the whole system,

>> form of unlimited memory consumption that is causing the problem

Use CVE-2016-6213.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXhnMiAAoJEHb/MwWLVhi25Q4P/ig8NsIq4e7iKjGBPBiX8Esd
rxxdLpmyNfHNqMYelHMtnQXxKlewpg0RanD9tmkeuAcrCsCMrh6dejE1ioPxRhuA
QOkhnjYhT/uFXPocgyf6EvVR9BzMiX7OmDXqaBBAjifbvfw5EqnZqj7Gyc8g0Scn
1/uoL9DLf6USbK8Gmho0r2mxtFf0DvhvtSRPSsw9HQjH7kQEMgzjG0bmOsTyGtWB
XEXERVynveoQmalW2vm+p6TPHHaKrTBrmXPxhgjxynMj1EX6V2j1Om3bQiuJmKUR
1KVN5pewgVy9ZV0Jk4pAVrYO+U0qvLflZBHknceWlz9YzfZyJYKaiv0RH8RwXYfC
P1ezDLsuBNup0tgAx+i++05cIFGFRV4ts60wxNJnUcgE21LAZ6qL8LFjZ1ixA9jM
LjESRjdNw4MeeQOAHt/YzskhP6hTanlZvmLNYyuhZB6a0FXV18xEPVPrlyb5+odD
2w7jTQqBnWfOTYPAaPPDc72n88y+5jxvGVXLBCcswvwIj0kTwUlZHTD+CSEylXlL
apZMLo2tgJ+3SsWuiMaSWfZDL79M2fvLkYZ6KVsnONMGRgjIDAwdvp+VgbIfdWlu
sLS3Rjx9pkjRpt+M6YM7OIIdNYiBgPRZFl6XDv4TIbuA5g/vuJTg44JIJDfj7MiT
iqRuPFgATt2oMZqUmeZu
=8iz3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.