Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <201402072111.s17LBWm7028357@linus.mitre.org>
Date: Fri, 7 Feb 2014 16:11:32 -0500 (EST)
From: cve-assign@...re.org
To: security@....org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are the four CVE assignments for XSA-84 (as well as the
one CVE assignment for XSA-85 and the one CVE assignment for XSA-86).

> http://xenbits.xen.org/xsa/advisory-84.html
> XSA-84

> The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID
> suboperations of the flask hypercall are vulnerable to an integer
> overflow on the input size. The hypercalls attempt to allocate a
> buffer which is 1 larger than this size and is therefore vulnerable to
> integer overflow and an attempt to allocate then access a zero byte
> buffer.

Use CVE-2014-1891.


> Xen 3.3 through 4.1 ... expose unreasonably large memory allocation
> to arbitrary guests.

Use CVE-2014-1892.


> Xen 3.3 through 4.1, while not affected by the above overflow, have a
> different overflow issue on FLASK_{GET,SET}BOOL

Use CVE-2014-1893.


> Xen 3.2 (and presumably earlier) exhibit both problems, with the
> overflow issue being present for more than just the suboperations
> listed above.

the part of the 3.2 problems associated with the first overflow, for
FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID, is within
the scope of CVE-2014-1891

the part of the 3.2 problems associated with unreasonably large memory
allocation is within the scope of CVE-2014-1892

the part of the 3.2 problems associated with the second overflow, for
FLASK_{GET,SET}BOOL, is within the scope of CVE-2014-1893

all other vectors (e.g., other suboperations) that can lead to integer
overflows in 3.2, even if they are related to the first overflow or
related to the second overflow, have CVE-2014-1894 assigned now


> http://xenbits.xen.org/xsa/advisory-85.html
> XSA-85
> Off-by-one error in FLASK_AVC_CACHESTAT hypercall

Use CVE-2014-1895.


> http://xenbits.xen.org/xsa/advisory-86.html
> XSA-86
> libvchan failure handling malicious ring indexes

Use CVE-2014-1896.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS9UueAAoJEKllVAevmvms9ssIALQ0vssHk8Uuf85hjGAYF7O5
UsetuaIyFYwy7U1xRxpwW9YEWoMELtylpOHViZUBpjMAPjmO4rXNs4J/avcfnh/J
PPD3vl9aoUfA0hFqaR0jAIPld89SbOZA6Fvs23KcU3F9KOVvaD//3RBe3ticeSNQ
N4QlRw1Cu9pQSveu3B9a6yt4OmQkuuWPSRu7KBUACohRF73JCZCN3TeUe7RqGp/L
r9uN5hbsPCqnW2W4FPmQVGaD5BmrlETYcJM1YkdUoLVCeR+Fi0iyPZtrKMTUZ4h8
XzAEovLRX7un3BbzxTifyls4Z/oQrD0cQ1QE1cGAA6kqYphK8h1VMUFGwXMpZDE=
=yP8u
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.