oss-sec mailing list archives
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages
From: Moritz Muehlenhoff <jmm () debian org>
Date: Sun, 22 Feb 2015 19:54:10 +0100
On Tue, Feb 10, 2015 at 12:13:50PM +0100, Florian Weimer wrote:
On 02/07/2015 12:40 AM, Kurt Seifried wrote:https://bugzilla.redhat.com/show_bug.cgi?id=848949 this may warrant a cveIt was blamed on the kernel and fixed there: <http://marc.info/?l=linux-netdev&m=134582981424588>
MITRE, can you please assign a CVE ID for the kernel, then? This was fixed in 3.6 with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107be\f Cheers, Moritz
Current thread:
- libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried (Feb 06)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff (Feb 22)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)