Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151210061934.76ED042E02C@smtpvbsrv1.mitre.org>
Date: Thu, 10 Dec 2015 01:19:34 -0500 (EST)
From: cve-assign@...re.org
To: wmealing@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A malicious user with a local account may be able to escalate privileges
> and take control of local system by abusing the user key subsystem.
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
> https://bugzilla.redhat.com/show_bug.cgi?id=1284450

> The following may be used to trigger the bug in the user key type:
> 
>   keyctl request2 user user "" @u
>   keyctl add user user "a" @u
> 
> BUG: unable to handle kernel paging request at 00000000ffffff8a
> 
> A similar bug can be tripped by:
> 
>   keyctl request2 trusted user "" @u
>   keyctl add trusted user "a" @u
> 
> This should also affect encrypted keys

Use CVE-2015-8539 for all of the mentioned variants of the problem
with all key types.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWaRkVAAoJEL54rhJi8gl5o/oP/1YN18NSpjPeJXZxqLEyK36Z
P/Oh+smZA8SOns1cgtas7hN9u+4YDwec+t70GHxXLaxJ5FkkP/cSOHKBw1LvGfnT
FXlGbMEtROjTgj1BnaIInD7k6jS/v4Yktsx+m3OtRixOKYUiIAkUCw02oxXzFzOE
mvhvrOHIFNFe461uxDSjWS92stiTTNz+M8fr78At+jvZTHf1NKHSO00toKSR91h0
O8U3FuGdCp93wXbmPbSWA6V+8BqXyb9KoRZIsjy0ZPmdrkiN93kC+HMoajs7640Q
+kmpr47lU1m+ylZR+lb5fiKd+LZQ0nfWY1NrxSVhZdf+JBuCwXbio/PZL81FCXx8
LqQnb3okD+y58vgzgNjUjhNYxNFSj2lnyBQN10nsfuaJhwebMhwv1DoxAU+zstoa
fxv0DzD0huB6+8y6X5LlnMMRuBddevZOM7fY2mdvVxidk5g2S1rbVVkFVFsWpMJc
nuudGfPDpVeNIK7ynoe0HTmOKzCIrk++wQf0G65kFy2fgkJbAK6VKDSBciwXV89f
ehfmZz2prmimKQWJaYFvRx2Yt6+lQPb+sKWBo2VD+Ej3UDQNme9Kc66t7Ya1/QUB
H2cCxdtaQe0czg25onwiQ1/mRTEH73pWMItCGykaz1VnT3wfODDJRsdA0zz9/Up1
cSjiCso7a7rcwyBcNLtX
=eqXE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.