Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20160818033657.BE627B2E01B@smtpvbsrv1.mitre.org>
Date: Wed, 17 Aug 2016 23:36:57 -0400 (EDT)
From: cve-assign@...re.org
To: marco.gra@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> this program will cause a use after free of read 4 in
> tcp_xmit_retransmit_queue or other tcp_ functions, often in another totally
> unrelated process.

> tested on master available at the
> time of writing and on 4.8 rc1

> [   21.446876] BUG: KASAN: use-after-free in
> tcp_xmit_retransmit_queue+0xc75/0xdb0 at addr ffff88007a06d428
> [   21.447953] Read of size 4 by task rsyslogd/1612
> 
> ...
> 
> ip6_dst_check+0x262/0x410

> syscall(SYS_socket, 0xaul, 0x1ul, 0x0ul, 0, 0, 0);

Use CVE-2016-6828.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXtSOaAAoJEHb/MwWLVhi2eVYP/17p3S7V79KaB1JBE+6KR5Kg
OFGawnxE05zFw+/YmhzmeiQY+YDEvEyNVvIcMhEmSksFkQofVodzJGKZ78f0K8Tz
GrhHn+s/uc4KJTxacJAIFYG8ZbEw24A3fnN8wU+nBkjzwOiwiz4wsP54MC43PLQz
azZC2d47rXfHwr9whoUFik5vi2HvU8AesDbRIFOK1g1U35Z0J7PybcZjh5NE5loP
/8zGlYR602bCq7PfAvoYW34Ui0kHRqDu0PaRiLlLVVrAVwDOd20ZZPfqcF9DOW85
aF2vwlttTyL+Ogy1StraNtq06XWICOMULR4l9Y5Q30438icDEiH6yW/aOccctG3j
CKC0QOfNtvPI4HtVjPUgx92icRHsxh+/VBED4WxnF3iHBzLMRT9EBxTHAS3MV4oM
mZmSRQsMiP0cgcmi7KEeej5RWh9YvmSCfgrBTxXDnLr3vXbDJpDTA5jzXXXXpxAY
tluapbNlEffKrW6aspd6FnqSze9N7zQA6LxWmmpL9bUAFNp3EcLNFLis+e9RLPYy
5Kz/+x1sB1IDldHANp8QsAGk+GvWGGSauOuFyKKP3s84Y0Da3shCw/LuEweo0qFP
uapf8CH6uD8ZR3P/9AfiftpX+q0YNITdfsp6XbKtVRgW3fgg44UyRHP5zGUwkJWT
b0SEiC2X+uIfP1/0CTqd
=dKqq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.