Date: Mon, 8 Feb 2021 10:11:05 +0100
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Remote code execution in connman

Hi,

Tesla has reported a remote (adjacent network) code execution flaw in
connman, a lightweight network manager, to our SUSE colleague and
connman upstream maintainer Daniel Wagner,

https://git.kernel.org/pub/scm/network/connman/connman.git/

https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb

Mitre has assigned CVE-2021-26675.

The commit fixes a stack buffer overflow that can be used to execute code by network adjacent attackers.

https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa

Mitre has assigned CVE-2021-26676.

Remote stack information leak which can be used to help execute CVE-2021-26675 reliably.

Ciao, Marcus
