oss-sec mailing list archives
Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam
From: Solar Designer <solar () openwall com>
Date: Sat, 2 May 2015 16:40:14 +0300
On Sat, May 02, 2015 at 09:18:23PM +0800, Wen Xu wrote:
> Really sorry, what you said is all right. Actually we've successfully seen the potential that we can take advantage of this bug to achieve privilege escalation (root) on Android (both 32-bit/64-bit) (>= 4.3); even on Android 64-bit, the list poison value is 0x200200, which can be mapped ;) That's why we think this vulnerability is high-threat.
Oh, so Android 4.3+ enables ping sockets for all apps by default? I have mixed feelings about that.
> For Linux PC, the normal user does not have the privilege to create an ICMP (ping) socket. I agree with your analysis, including that on PC the dead value is 0xdead000000000000. And also it does not exist in some versions and distributions. I wrote the mail in a hurry and did not explain it in detail ;) Sorry for my mistakes again.
I found no mistakes on your part - just too brief a message requiring further analysis to determine actual impact of the bug. The bug does exist in all currently supported upstream kernel versions, as you say, even if its security relevance varies from none to full local privesc across archs and distros.
> So as you said MITRE could give us a CVE ID? That's nice, so where could I get informed when it is given? ;)
I expect they will post to oss-security. Just give them some days.
So, who's to post a patch to LKML to adjust default LIST_POISON*? Vasily?
Alexander
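Added example, not part of the original message or of any kernel source: a small audit helper showing why the two poison values quoted above behave differently, by checking whether LIST_POISON1/LIST_POISON2 fall inside the range an unprivileged process can map. The base offsets are those of include/linux/poison.h in kernels of that period; the `vm_layout` struct, the function names, and the sample mmap_min_addr and user address-space limits are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* LIST_POISON1/2 = base + POISON_POINTER_DELTA (CONFIG_ILLEGAL_POINTER_VALUE). */
#define LIST_POISON1_BASE 0x00100100ULL
#define LIST_POISON2_BASE 0x00200200ULL

struct vm_layout {              /* hypothetical description of one kernel config */
    const char *name;
    uint64_t poison_delta;      /* POISON_POINTER_DELTA; 0 when not configured */
    uint64_t mmap_min_addr;     /* vm.mmap_min_addr sysctl */
    uint64_t user_va_top;       /* first address above user space */
};

/* 1 if addr lies in the window where user space may create mappings. */
int user_mappable(const struct vm_layout *l, uint64_t addr)
{
    return addr >= l->mmap_min_addr && addr < l->user_va_top;
}

/* Bit 0: LIST_POISON1 is user-mappable; bit 1: LIST_POISON2 is.
 * 0 means a stale list pointer dereference faults instead of reading
 * memory that user space controls. */
int poison_exposure(const struct vm_layout *l)
{
    int r = 0;
    if (user_mappable(l, LIST_POISON1_BASE + l->poison_delta)) r |= 1;
    if (user_mappable(l, LIST_POISON2_BASE + l->poison_delta)) r |= 2;
    return r;
}

/* Constructed sample layouts (assumed values, not read from a live system). */
const struct vm_layout samples[] = {
    { "32-bit, delta 0",          0,                     32768, 0xC0000000ULL },
    { "64-bit, delta 0",          0,                     32768, 1ULL << 39 },
    { "64-bit, 0xdead... delta",  0xdead000000000000ULL, 65536, 0x00007ffffffff000ULL },
};

int main(void)
{
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s LIST_POISON2=0x%016llx exposure=%d\n", samples[i].name,
               (unsigned long long)(LIST_POISON2_BASE + samples[i].poison_delta),
               poison_exposure(&samples[i]));
    return 0;
}
```

An exposure of 0 is the outcome a non-zero poison delta is meant to guarantee; any other value marks a configuration where adjusting the default LIST_POISON* values matters.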