path: root/retired/CVE-2017-7184
blob: 8e29f47470d6c0079c075be6bd5f1e2a275e024f
Description: Missing range checks in xfrm_user allow heap buffer overflow and privilege escalation
References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184
Notes:
 bwh> xfrm_user is only accessible with CAP_NET_ADMIN capability (in any
 bwh> user namespace).  So this is not exploitable by unprivileged users
 bwh> in a default Debian configuration.
Bugs:
upstream: released (4.11-rc5) [677e806da4d916052585301785d847c3b3e6186a, f843ee6dd019bcece3e74e76ad9df0155655d0df]
4.9-upstream-stable: released (4.9.20) [64a5465799ee40e3d54d9da3037934cd4b7b502f, 79191ea36dc9be10a9c9b03d6b341ed2d2f76045]
3.16-upstream-stable: released (3.16.44) [811f5600db1a0a9c4f1abad5017e09f43d7088f3, fda265baa45b630675359db3699bb68350c4b907]
3.2-upstream-stable: released (3.2.89) [04dba730e9d4798184b4769f74ef14c20f8c6f9a, 4d09fd3505c59374e599a29918ca40059be3d554]
sid: released (4.9.18-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
3.16-jessie-security: released (3.16.43-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
3.2-wheezy-security: released (3.2.88-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]