[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof 
From:       cve-assign () mitre ! org
Date:       2015-02-27 7:34:24
Message-ID: 20150227073424.A185E52E086 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> can you please assign a CVE ID for the kernel
> 
> This was fixed in 3.6 with
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef
> 

We haven't seen anyone object to that type of CVE assignment, so use
CVE-2012-6689 for this Linux kernel issue.

(There may be an alternative viewpoint that the issue, or at least the
patch, was a security/functionality tradeoff.
http://marc.info/?l=linux-netdev&m=134522422125983&w=2 says "The
second tries to address netlink spoofing for non-root processes from
the kernel while disabling the ability of two processes to
communicate. Yes, this may be controversial I guess." This refers to
the http://marc.info/?l=linux-netdev&m=134522422925986&w=2 patch.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU8B0KAAoJEKllVAevmvmshZUH/3rdgF/TqUhinOrKRcS3Kv/N
x9e5h3g5i5bqMOKffu/09gWx/3MdVLpVTY67WBdZNnLsq0CBm2kDdq9HNcy/i5LT
T5bxZUxiZtG023MYOP27dwI+DZvcikdY89C1yVoLzKWHDhb2z27UXbct9X36jFGG
YiPdMXABtqd6Hbp1QMVWTvCrDz+RDVvoJtL29dUxYb2jBS7koW6pPIlWp4vyzF0j
KaouZ6jZ8U7kH1/BlLDZ64TsBviryT24O4aJza+muGTeOJgzKbbrqreNA+cGNISQ
2ZGxctQgRZClO56nS+Bhb3NAFAmlT7sZHaRV06FMXOAqw/QroqjVQIQ2tkpM1/Q=
=Hy74
-----END PGP SIGNATURE-----


[prev in list] [next in list] [prev in thread] [next in thread]