Retire CVE-2015-8709

1 files changed, 25 insertions, 0 deletions

diff --git a/retired/CVE-2015-8709 b/retired/CVE-2015-8709
new file mode 100644
index 00000000..855cfe92
--- /dev/null
+++ b/retired/CVE-2015-8709
@@ -0,0 +1,25 @@
+Description: privileged process entering userns can be ptraced by userns owner
+References:
+ https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1527374
+ https://lkml.org/lkml/2015/12/25/71
+Notes:
+ bwh> CVE requested at http://www.openwall.com/lists/oss-security/2015/12/17/12
+ bwh> This was initially rejected as an upstream kernel bug, but I believe it
+ bwh> was eventually fixed upstream as noted below.
+ bwh> Dependencies:
+ bwh> 3dfb7d8cdbc7 security: let security modules use PTRACE_MODE_* with bitmasks
+ bwh> caaee6234d05 ptrace: use fsuid, fsgid, effective creds for fs access checks
+ bwh> Related:
+ bwh> 64b875f7ac8a ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
+ bwh> 84d77d3f06e7 ptrace: Don't allow accessing an undumpable mm
+ bwh> f84df2a6f268 exec: Ensure mm->user_ns contains the execed files
+ bwh> 613cc2b6f272 fs: exec: apply CLOEXEC before changing dumpable task flags
+Bugs:
+upstream: released (4.10-rc1) [bfedb589252c01fa505ac9f6f2a3d5d68d707ef4]
+4.9-upstream-stable: released (4.9.1) [694a95fa6dae4991f16cda333d897ea063021fed]
+3.16-upstream-stable: released (3.16.52) [d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12]
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
+3.2-wheezy-security: N/A "Vulnerable code not present"