Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20160111174311.7B06D6C00D9@smtpvmsrv1.mitre.org>
Date: Mon, 11 Jan 2016 12:43:11 -0500 (EST)
From: cve-assign@...re.org
To: wmealing@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux kernel - SCTP denial of service during heartbeat timeout functions.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A case can occur when sctp_accept() is called by the user during
> a heartbeat timeout event after the 4-way handshake.  Since
> sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the
> bh_sock_lock in sctp_generate_heartbeat_event() will be taken with
> the listening socket but released with the new association socket.
> The result is a deadlock on any future attempts to take the listening
> socket lock.

> Ensure the socket taken is also the same one that is released by
> saving a copy of the socket before entering the timeout event
> critical section.

> https://bugzilla.redhat.com/show_bug.cgi?id=1297389
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/sctp/sm_sideeffect.c?id=635682a14427d241bab7bbdeebb48a7d7b91638e

Use CVE-2015-8767.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWk+k+AAoJEL54rhJi8gl5nzEP/R0YgH6KMRbLsizjooACajGq
DEFdPkZnEKKUY846dC5wE7FOv9REuXCqAxszvg9M5r+Oje7riOKJl5pnFSvC5abx
zgUWCjdKgOOZE74YKfsNPd6EVh6qmhPvJ7y5/hNW6zYqLOEJhqlk9Gkfqmx/0O2A
941849R/aPvsZ4Wcg/MvmEk7kuol8LcufauXAQyUWc5cAFnwHPtsyvlpLFcoOU30
QwYqTPVx2NzOuYN/aoJlIZyAzcuacp/RLrBW2VOL6fOA8FNFexDf0G0yWM5xSbab
DRPqY/eNx1iOzQUNFOi8tVdc//HrQXemM3vIdesJc2/BVWiNslhTdkc9m7IRou0i
reBUqqqjkBaHjzN6dHYCqw8O1H9Nsdv0Z8nKAzzoaGSO4TuXlxj/sjbbolfQpg2B
0QUhbkB977ARyxrUjnstL9jyBoXxJGLanSByq7imsXBjSCWyhs9k3BkUsjwavE8J
thNB1ULSn4KbeGHrIM1jj3qAVIvQtwa+cUWp0CXHPN+oevH+kUCGJK2fpb+t9g1b
s3w4uLyXeMEoHKjn1jrwO4jl8L17f7uGMUXpxPV0bWuLg182V4zvf2WekfvzKGgB
McFeoNTpUCvg8lM5eja0rR5GjAyR1zJR2xc/zQsDBmFMITJcmOk7ZXYTbMuxfu3c
/IrELQSgNN9Svqk1Rjyg
=CDOr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.