
List:       oss-security
Subject:    Re: [oss-security] CVE-2017-7184: kernel: Local privilege escalation in XFRM framework
From:       Tyler Hicks <tyhicks () canonical ! com>
Date:       2017-03-30 14:17:45
Message-ID: 73f91775-3811-b90e-66a3-69620c3b5349 () canonical ! com



A PoC is not publicly available for this issue.

Tyler

On 03/29/2017 10:18 PM, Lokesh Ubuntu wrote:
> Is there any POC for this to conclude? Thanks.
> 
> Regards, Lokesh
> 
> On Mar 30, 2017 03:14, "Tyler Hicks" <tyhicks@canonical.com> wrote:
> 
> A security issue was reported by ZDI, on behalf of Chaitin Security
> Research Lab, against the Linux kernel in Ubuntu. It also affected the
> upstream kernel.
> 
> Chaitin Security Research Lab discovered that xfrm_replay_verify_len(),
> as called by xfrm_new_ae(), did not verify that the user-specified
> replay_window was within the replay state buffer.
> 
> This allowed for out-of-bounds reads and writes of kernel memory.
> Chaitin Security showed that this can lead to local privilege escalation
> by using user namespaces in order to configure XFRM. XFRM configuration
> requires CAP_NET_ADMIN so this issue is mitigated in kernels which do
> not enable user namespaces by default.
> 
> Fixes:
> - https://git.kernel.org/linus/677e806da4d916052585301785d847c3b3e6186a
> - https://git.kernel.org/linus/f843ee6dd019bcece3e74e76ad9df0155655d0df
> 
> Tyler
> 
> 


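The missing bound described in the quoted advisory, modelled in userspace C as an added example (this is not the kernel's code and not code from Chaitin, ZDI or Canonical): a validator that only checks the attribute length, beside one that also requires replay_window to fit inside the bmp_len words of the bitmap. The struct layout mirrors struct xfrm_replay_state_esn from the kernel's uapi header; make_state, check_update and the two verify_len_* functions are names invented for this example, and the bitmap sizes and window values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Mirrors the layout of struct xfrm_replay_state_esn from the kernel's uapi
 * header (include/uapi/linux/xfrm.h). bmp_len counts the 32-bit words in
 * the trailing bitmap; replay_window is the anti-replay window in bits. */
struct xfrm_replay_state_esn {
    uint32_t bmp_len;
    uint32_t oseq;
    uint32_t seq;
    uint32_t oseq_hi;
    uint32_t seq_hi;
    uint32_t replay_window;
    uint32_t bmp[];
};

/* Byte length of the structure for its bitmap length. */
static size_t replay_state_esn_len(const struct xfrm_replay_state_esn *e)
{
    return sizeof(*e) + (size_t)e->bmp_len * sizeof(uint32_t);
}

/* Model of the pre-fix check (example, not the kernel source): the attribute
 * length must match the existing state, but replay_window is never compared
 * with the bitmap size, so a window larger than bmp_len * 32 bits is accepted
 * and any later bit index derived from it lands outside bmp[]. */
static int verify_len_unchecked(const struct xfrm_replay_state_esn *existing,
                                const struct xfrm_replay_state_esn *up,
                                size_t attr_len)
{
    size_t ulen = replay_state_esn_len(up);

    if (attr_len < ulen || replay_state_esn_len(existing) != ulen)
        return -EINVAL;
    return 0;
}

/* Hardened model: additionally require the bitmap lengths to agree and the
 * window to fit inside the bitmap. The multiplication is done in 64 bits so
 * a huge bmp_len cannot wrap the bound itself. */
static int verify_len_checked(const struct xfrm_replay_state_esn *existing,
                              const struct xfrm_replay_state_esn *up,
                              size_t attr_len)
{
    size_t ulen = replay_state_esn_len(up);

    if (attr_len < ulen || replay_state_esn_len(existing) != ulen ||
        existing->bmp_len != up->bmp_len)
        return -EINVAL;
    if ((uint64_t)up->replay_window > (uint64_t)up->bmp_len * 32)
        return -EINVAL;
    return 0;
}

/* Example helper: allocate a state with a given bitmap size and window. */
static struct xfrm_replay_state_esn *make_state(uint32_t bmp_len,
                                                uint32_t replay_window)
{
    struct xfrm_replay_state_esn *e =
        calloc(1, sizeof(*e) + (size_t)bmp_len * sizeof(uint32_t));

    if (!e)
        abort();
    e->bmp_len = bmp_len;
    e->replay_window = replay_window;
    return e;
}

/* Run one constructed update (well-formed attribute length, same bmp_len as
 * the existing state) through the chosen validator. Returns 0 or -EINVAL. */
static int check_update(uint32_t bmp_len, uint32_t replay_window, int hardened)
{
    struct xfrm_replay_state_esn *existing = make_state(bmp_len, 32);
    struct xfrm_replay_state_esn *up = make_state(bmp_len, replay_window);
    size_t attr_len = replay_state_esn_len(up);
    int rc = hardened ? verify_len_checked(existing, up, attr_len)
                      : verify_len_unchecked(existing, up, attr_len);

    free(existing);
    free(up);
    return rc;
}

int main(void)
{
    /* 4 words = 128 bits of bitmap: a 128-bit window fits, a 4096-bit one does not. */
    printf("window 128  / 128-bit bitmap: old=%d new=%d\n",
           check_update(4, 128, 0), check_update(4, 128, 1));
    printf("window 4096 / 128-bit bitmap: old=%d new=%d\n",
           check_update(4, 4096, 0), check_update(4, 4096, 1));
    return 0;
}
```

The length-only validator accepts both updates; only the hardened one returns -EINVAL for the oversized window, which is the property the upstream fixes restore. Because the attribute arrives over netlink from a caller holding CAP_NET_ADMIN, the advisory's remark about user namespaces applies: on kernels where unprivileged users cannot obtain that capability in a namespace, the unchecked path is not reachable from an ordinary account.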

