Date: Mon, 8 Feb 2021 10:11:05 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: Remote code execution in connman Hi, Tesla has reported a remote (adjacent network) code execution flaw in connman, a lightweight network manager, to our SUSE colleage and connman upstream maintainer Daniel Wagner, https://git.kernel.org/pub/scm/network/connman/connman.git/ https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb Mitre has assigned CVE-2021-26675. The commit fixes a stack buffer overflow that can be used to execute code by network adjacent attackers. https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa Mitre has assigned CVE-2021-26676 Remote stack information leak which can be used to help execute CVE-2021-26675 reliably. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.