path: root/retired/CVE-2017-1000112
blob: b926309c40dca8453d63fbc8a10003ad94822a28
Description: Exploitable memory corruption due to UFO to non-UFO path switch
References:
 http://www.openwall.com/lists/oss-security/2017/08/10/5
Notes:
 carnil> Introduced in e89e9cf539a28df7d0eb1d0a545368e9920b34ac
 bwh> Exploitation is possible by unprivileged users after commit 40ba330227ad
 bwh> "udp: disallow UFO for sockets with SO_NO_CHECK option", or with
 bwh> CAP_NET_ADMIN (in any namespace).  This is low severity for 3.2 and also
 bwh> will be hard to fix there without revisiting CVE-2013-4470.
Bugs:
upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa]
4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70]
3.16-upstream-stable: released (3.16.47) [08676246d893e3a42a541a2ef1291f2ea62c5b06]
3.2-upstream-stable: ignored "Low severity and difficult to backport"
sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
3.2-wheezy-security: ignored "Low severity and difficult to backport"
