1383265 – (IP6T_SO_SET_REPLACE) CVE-2016-4997 compat IP6T_SO_SET_REPLACE setsockopt

Bug 1383265 (IP6T_SO_SET_REPLACE) - CVE-2016-4997 compat IP6T_SO_SET_REPLACE setsockopt

Summary: CVE-2016-4997 compat IP6T_SO_SET_REPLACE setsockopt

Keywords:
Status:	CLOSED DUPLICATE of bug 1349722
Alias:	IP6T_SO_SET_REPLACE
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-10 10:18 UTC by Qian Zhang
Modified:	2016-10-11 02:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-10-10 11:01:51 UTC
Embargoed:

Attachments	(Terms of Use)

Description Qian Zhang 2016-10-10 10:18:03 UTC

The IPv6 netfilter subsystem in the Linux kernel through 4.6.2 does not validate certain offset fields,
which allows local users to escalade privileges via an IP6T_SO_SET_REPLACE compat setsockopt call

The page
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
has updated their Description and References sections

Discussion on oss-sec:
http://www.openwall.com/lists/oss-security/2016/09/29/10

Comment 1 Petr Matousek 2016-10-10 11:01:51 UTC


*** This bug has been marked as a duplicate of bug 1349722 ***

Note You need to log in before you can comment on or make changes to this bug.