Date:	Mon, 05 Aug 2013 15:25:03 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	nikolay@...hat.com
Cc:	vfalico@...hat.com, netdev@...r.kernel.org, fubar@...ibm.com,
	andy@...yhouse.net, ebiederm@...ssion.com, joe@...ches.com
Subject: Re: [PATCH net-next 0/2] fix bonding neighbour setup handling

From: Nikolay Aleksandrov <nikolay@...hat.com>
Date: Mon, 05 Aug 2013 15:49:08 +0200

> Since the cat is out of the bag about this bug, as Veaceslav discovered it
> independently and wasn't aware that there's a CVE number pending because it
> poses a security threat since the dereferenced first_slave pointer is
> taken from the struct vlan_dev_priv's ingress_priority map array which is
> user-controllable and any memory address can be dereferenced in that way,
> and taking after that first_slave->dev->netdev_ops and calling a function
> from the ops is making it even easier. Of course for that to happen the
> user must have CAP_NET_ADMIN.
> I've tested these patches and they apply cleanly on -net as well, so please
> queue them for -net and stable.

This is why I absolutely detest closed work on bugs, and prefer
everything be discussed and implemented openly here on this list,
without exceptions, and regardless of perceived "severity" of the bug.

Applied to net and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
