Message-ID: <1427225461.3276.1.camel@takeit.se>
Date: Tue, 24 Mar 2015 20:31:01 +0100
From: "D. S. Ljungmark" <spider@...eit.se>
To: Greg KH <greg@...ah.com>
Cc: ljungmark@...io.se, "security@...nel.org" <security@...nel.org>,
security <security@...roid.com>, netdev@...r.kernel.org
Subject: Re: Responsible Disclosure

On tis, 2015-03-24 at 19:45 +0100, Greg KH wrote:
> On Tue, Mar 24, 2015 at 12:25:39AM +0100, D. S. Ljungmark wrote:
> > On mån, 2015-03-09 at 06:49 +0100, Greg KH wrote:
> > > On Mon, Mar 09, 2015 at 01:45:08AM +0100, D. S. Ljungmark wrote:
> > > > Hi.
> > > > We have developed a somewhat disturbing DoS attack (due to a logic
> > > > error) that affects _at least_ :
> > > >
> > > > Windows 8.1 (32bit)
> > > > Mac OS X 10.10
> > > > FreeBSD 10.1
> > > > Linux 3.x (samples between 3.0 => 3.18 tested)
> > > > Android (Lollipop)
> > > >
> > > > Now, we have a problem with reporting this, in that it doesn't only
> > > > apply to a single OS/implementation.
> > > >
> > > > The mitigation is fairly simple ( in lines of code ) and we have a patch
> > > > for Linux already.
> > > >
> > > > There is a working proof of concept, and the cause might be attributed
> > > > to a somewhat naive interpretation / concept in an IETF RFC, that has
> > > > since been amended, but not fixed in implementations.
> > > >
> > > >
> > > > I am not going to dump this as a bombshell by dropping it on Slashdot or
> > > > similar and watching the fallout as many of the world's shared hosting
> > > > services drop offline from malicious usage.
> > > >
> > > > On the other hand, I'm not going to give certain parts prior knowledge
> > > > with example PoC just because they feel privileged and want to delay
> > > > this for unreasonable amounts of time. We're all adults here, and know
> > > > how to communicate this.
> > > >
> > > > Who can organize a coherent Review / Analysis / Patch / Disclosure of
> > > > this? Where do I start? Who do I contact?
> > > >
> > > > We're trying to do the right thing here, but there isn't much documented
> > > > on how to report cross-platform bugs that have the possibility of causing
> > > > larger breakage.
> > >
> > > The linux-distros mailing list is your best bet. They replaced the old
> > > vendor-sec mailing list. They can help you out here with notifying
> > > everyone involved and generating a fix properly.
> > >
> > > Hope this helps,
> > >
> > > greg k-h
> >
> >
> > Following up with the patch, got an okay from CERT to post it.
> >
> > Signed-Off-By: D.S. Ljungmark <ljungmark@...io.se>
>
> What patch? I didn't see anything here :(
>
> Did you send it to netdev@...r.kernel.org?
>
> If not, can you please do so, that way the kernel networking developers
> can see it and apply it.
>
> thanks,
>
> greg k-h

This patch prevents a link-local DoS against ipv6.
To exploit, push an RA packet without any routing information, but with
the hop limit reduced to 1.

//D.S. Ljungmark

View attachment "linux-3.18-ipv6-hop_limit.patch" of type "text/x-patch" (897 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
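
The attached patch is not reproduced on this page, so the following is an added example and not the patch or any kernel code: a receive-side check on the Cur Hop Limit field of a Router Advertisement, which matters because a host that adopts a hop limit of 1 has its outgoing packets discarded at the first router. The policy of never letting an RA lower the interface hop limit, the helper names, and the reading of "without any routing information" as router lifetime 0 with no options are assumptions of this example; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_ROUTER_ADVERT 134 /* ICMPv6 type of a Router Advertisement (RFC 4861) */
#define RA_FIXED_LEN     16  /* type, code, checksum, cur hop limit, flags,
                                router lifetime, reachable time, retrans timer */

enum ra_verdict { RA_MALFORMED = -1, RA_UNSPECIFIED, RA_APPLIED, RA_IGNORED_LOWER };

/* Constructed samples (checksum left zero, not validated here):
 * a bare RA advertising Cur Hop Limit 1, and one advertising 64. */
static const uint8_t sample_ra_hop1[RA_FIXED_LEN]  = { ND_ROUTER_ADVERT, 0, 0, 0, 1 };
static const uint8_t sample_ra_hop64[RA_FIXED_LEN] = { ND_ROUTER_ADVERT, 0, 0, 0, 64 };

/* Hypothetical helper: apply the RA's Cur Hop Limit to *iface_hop_limit only
 * if that does not lower it (assumed policy, not taken from the patch). */
enum ra_verdict ra_apply_hop_limit(const uint8_t *icmp6, size_t len,
                                   uint8_t *iface_hop_limit)
{
    if (len < RA_FIXED_LEN || icmp6[0] != ND_ROUTER_ADVERT || icmp6[1] != 0)
        return RA_MALFORMED;
    uint8_t advertised = icmp6[4];      /* Cur Hop Limit field */
    if (advertised == 0)                /* 0 means unspecified by this router */
        return RA_UNSPECIFIED;
    if (advertised < *iface_hop_limit)  /* would shorten the reach of our packets */
        return RA_IGNORED_LOWER;
    *iface_hop_limit = advertised;
    return RA_APPLIED;
}

/* Assumed reading of "without any routing information": router lifetime 0
 * (bytes 6-7) and no options after the fixed header. Useful as a log flag. */
int ra_is_bare(const uint8_t *icmp6, size_t len)
{
    return len == RA_FIXED_LEN && icmp6[6] == 0 && icmp6[7] == 0;
}

int main(void)
{
    uint8_t hop_limit = 64; /* interface value before the RA arrives */
    enum ra_verdict v = ra_apply_hop_limit(sample_ra_hop1, sizeof sample_ra_hop1,
                                           &hop_limit);
    printf("hop-limit-1 RA: verdict=%d bare=%d iface_hop_limit=%u\n", v,
           ra_is_bare(sample_ra_hop1, sizeof sample_ra_hop1), hop_limit);
    return 0;
}
```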