Date: Thu, 29 Sep 2016 16:23:57 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: Re: CVE request - Linux kernel through 4.6.2 allows
 escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call

On Fri, Sep 30, 2016 at 12:14:04AM +1000, Vitaly Nikolenko wrote:
> Wasn't this already covered by CVE-2016-4997? There's a public exploit
> 
> https://www.exploit-db.com/exploits/40049/
> 
> I'm assuming for IPv6 this would be exactly the same except for
> changing the setsockopt optname from IPT_SO_SET_REPLACE to
> IP6T_SO_SET_REPLACE. The code path for IPv6 looks almost identical
> unless I'm missing something?
> 
> Commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c included fixes for
> ARP, IP and IPv6 and my assumption was that CVE-2016-4997 covered all
> of them.

I knew this looked familiar, thanks for bringing this up.

greg k-h
