oss-sec mailing list archives
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel
From: cve-assign () mitre org
Date: Fri, 27 Feb 2015 02:34:24 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
can you please assign a CVE ID for the kernel This was fixed in 3.6 with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef
We haven't seen anyone object to that type of CVE assignment, so use CVE-2012-6689 for this Linux kernel issue. (There may be an alternative viewpoint that the issue, or at least the patch, was a security/functionality tradeoff. http://marc.info/?l=linux-netdev&m=134522422125983&w=2 says "The second tries to address netlink spoofing for non-root processes from the kernel while disabling the ability of two processes to communicate. Yes, this may be controversial I guess." This refers to the http://marc.info/?l=linux-netdev&m=134522422925986&w=2 patch.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU8B0KAAoJEKllVAevmvmshZUH/3rdgF/TqUhinOrKRcS3Kv/N x9e5h3g5i5bqMOKffu/09gWx/3MdVLpVTY67WBdZNnLsq0CBm2kDdq9HNcy/i5LT T5bxZUxiZtG023MYOP27dwI+DZvcikdY89C1yVoLzKWHDhb2z27UXbct9X36jFGG YiPdMXABtqd6Hbp1QMVWTvCrDz+RDVvoJtL29dUxYb2jBS7koW6pPIlWp4vyzF0j KaouZ6jZ8U7kH1/BlLDZ64TsBviryT24O4aJza+muGTeOJgzKbbrqreNA+cGNISQ 2ZGxctQgRZClO56nS+Bhb3NAFAmlT7sZHaRV06FMXOAqw/QroqjVQIQ2tkpM1/Q= =Hy74 -----END PGP SIGNATURE-----
Current thread:
- libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried (Feb 06)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff (Feb 22)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel cve-assign (Feb 26)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff (Feb 22)
- Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer (Feb 10)