| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 05 Aug 2013 15:49:08 +0200 From: Nikolay Aleksandrov <nikolay@...hat.com> To: David Miller <davem@...emloft.net> CC: vfalico@...hat.com, netdev@...r.kernel.org, fubar@...ibm.com, andy@...yhouse.net, ebiederm@...ssion.com, joe@...ches.com Subject: Re: [PATCH net-next 0/2] fix bonding neighbour setup handling On 08/03/2013 12:45 AM, David Miller wrote: > > Thanks for the detailed explanation of the situation, it made your patches > trivial to review. > > Applied, thanks. Hi all, Vaeceslav thanks for fixing this. Since the cat is out of the bag about this bug, as Vaeceslav discovered it independently and wasn't aware that there's a CVE number pending because it poses a security threat since the dereferenced first_slave pointer is taken from the struct vlan_dev_priv's ingress_priority map array which is user-controllable and any memory address can be dereferenced in that way, and taking after that first_slave->dev->netdev_ops and calling a function from the ops is making it even easier. Of course for that to happen the user must have CAP_NET_ADMIN. I've tested these patches and they apply cleanly on -net as well, so please queue them for -net and stable. Also apologies for the late reply but it wasn't up to me when to reveal this. Thank you, Nik -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists