blob: be228b56fde97cee5737b1b6a4c76a4fec927c20 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description: Connecting raw socket with invalid protocol number causes oops
References:
http://www.openwall.com/lists/oss-security/2015/12/09/3
http://article.gmane.org/gmane.linux.network/391482
Notes:
bwh> Only exploitable with CAP_NET_RAW. Since Linux 3.8 the capability
bwh> checks use ns_capable() and containers can also exploit this.
bwh> For earlier versions it's not important.
Bugs:
upstream: released (4.4-rc6) [79462ad02e861803b3840cc782248c7359451cd9]
3.16-upstream-stable: released (3.16.7-ckt22)
3.2-upstream-stable: released (3.2.75) [net-add-validation-for-the-socket-syscall-protocol-argument.patch]
2.6.32-upstream-stable: released (2.6.32.70)
sid: released (4.3.3-1) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]
3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]
3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]
2.6.32-squeeze-security: released (2.6.32-48squeeze18) [bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch]
|