Bug 1758248 (CVE-2019-17055) - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
Summary: CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_IS...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-17055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1779474 1779476 1758249 1772779 1778625 1779473 1779475 1779477 1779478
Blocks: 1758252
TreeView+ depends on / blocked
 
Reported: 2019-10-03 16:49 UTC by Dhananjay Arunesh
Modified: 2020-06-26 06:41 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.
Clone Of:
Environment:
Last Closed: 2020-03-11 22:31:42 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2052 None None None 2020-05-11 12:53:51 UTC
Red Hat Product Errata RHBA-2020:2626 None None None 2020-06-19 01:49:55 UTC
Red Hat Product Errata RHSA-2020:0790 None None None 2020-03-11 16:45:49 UTC
Red Hat Product Errata RHSA-2020:1567 None None None 2020-04-28 15:25:09 UTC
Red Hat Product Errata RHSA-2020:1769 None None None 2020-04-28 15:51:35 UTC

Description Dhananjay Arunesh 2019-10-03 16:49:09 UTC
A vulnerability was found in base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket.



Reference:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80

Comment 1 Dhananjay Arunesh 2019-10-03 16:50:00 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1758249]

Comment 2 Fedora Update System 2019-10-25 18:06:53 UTC
kernel-5.3.6-100.fc29, kernel-headers-5.3.6-100.fc29, kernel-tools-5.3.6-100.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Wade Mealing 2019-12-04 03:41:15 UTC
It -may- be possible that a local user can use this to directly control attached ISDN hardware, hanging up the connection or redialing long distance/high fee numbers incurring large fees to the telephony systems.

Comment 8 Eric Christensen 2019-12-05 18:30:53 UTC
Mitigation:

At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.

Check https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.

Comment 10 errata-xmlrpc 2020-03-11 16:45:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0790 https://access.redhat.com/errata/RHSA-2020:0790

Comment 11 Product Security DevOps Team 2020-03-11 22:31:42 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-17055

Comment 12 errata-xmlrpc 2020-04-28 15:25:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567

Comment 13 errata-xmlrpc 2020-04-28 15:51:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769


Note You need to log in before you can comment on or make changes to this bug.