Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAAeHK+wyDjXzJ==B6NtmAiin9n2haTrkB_sge0pQS0BM=hGUFQ@mail.gmail.com>
Date: Sun, 12 Feb 2017 19:46:49 +0100
From: Andrey Konovalov <andreyknvl@...gle.com>
To: oss-security@...ts.openwall.com
Subject: Fwd: [scr293903] Linux kernel - upstream

---------- Forwarded message ----------
From:  <cve-request@...re.org>
Date: Sun, Feb 12, 2017 at 7:45 PM
Subject: Re: [scr293903] Linux kernel - upstream
To: andreyknvl@...gle.com
Cc: cve-request@...re.org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The CVE ID is below. Please clarify whether you want this added to the
public CVE List immediately. You have provided
https://patchwork.ozlabs.org/patch/724136/ as a public reference that
appears to disclose this as a vulnerability, at least if the attacker
can run a local application to make arbitrary system calls. The public
reference does not directly suggest a remote attack: that detail could
be omitted from the public CVE List.


> [Additional Information]
> It's possible to cause a denial of server by sending bad IP options on a socket.
> Potentially this can be triggered remotely.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Denial of service
>
> ------------------------------------------
>
> [Vendor of Product]
> Linux kernel
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Linux kernel - upstream
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Reference]
> https://patchwork.ozlabs.org/patch/724136/
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true

Use CVE-2017-5970.


- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYoK07AAoJEHb/MwWLVhi28REP/id92tkREqUYayj/GcZUN67r
swVR6fvnO0vP7lfVR4iPg5tKRCfM9FkIBU2+OHEXFGzvsXA/jHaabADqqkWOHfGA
QcXx4dz1HJEwGr+ALRVW6YDl7clWIKW9u6zP2Md6EKYPxl5IeeJHvQwCCFGhW4CW
zTdxYnPaSVs8PixpYpF5ZpiVzGL2KM13Ccwbsj7Jkjzz4YzNjWXz5Si3DsDkrD9v
NwGN1DG9q8p+Nab29di55oRSMsx9NqAXzbIKzH93aoykO5gU7PsvwszsAg98NsAY
mcwj/3s+HaZkH6i2Q8UyRfqvZ6JWNr3FGGhfZX+pEnYZ28RF93Ven8+8MrlrSEkm
B/tx0gf7Y3RPvb686ppDpkPK0x5JeOEsMhRHRSF5GKm24Ltev0c+vyEts2KJeAoq
f+8PiFz3T2DIrs3356/sa7ovsQl2+X10vQj/Ai0G4CFC1J+3e9cdqkYPvOR5PlVB
PMArIFpd2FLD/Rt9SmbtWlA6Crtcx/2Ijz29T1BlHIWSxmni1nz1bgnzg3+XhFwL
fnoCy/Wl1b/9Er6+VmY0jzlr66IOAr+5GycnjSfKqQFBEAejuH/vuGQVXP4w3F4q
6Uc1uDVE1onZPIuRgzhEUienWlRnoOOwD1Bdwa1BLEKf0sx+6zr+2gvsvr1dAI27
P8bNrk2iD7/BEvo/GY5O
=Esbo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.