Bug 1758248 (CVE-2019-17055) - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
Summary: CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_IS...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-17055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1758249 1772779 1778625 1779473 1779474 1779475 1779476 1779477 1779478
Blocks: 1758252
TreeView+ depends on / blocked
 
Reported: 2019-10-03 16:49 UTC by Dhananjay Arunesh
Modified: 2023-12-15 16:49 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.
Clone Of:
Environment:
Last Closed: 2020-03-11 22:31:42 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2052 0 None None None 2020-05-11 12:53:51 UTC
Red Hat Product Errata RHBA-2020:2626 0 None None None 2020-06-19 01:49:55 UTC
Red Hat Product Errata RHBA-2020:4416 0 None None None 2020-10-29 15:09:15 UTC
Red Hat Product Errata RHBA-2020:4417 0 None None None 2020-10-29 15:07:46 UTC
Red Hat Product Errata RHBA-2020:4418 0 None None None 2020-10-29 15:13:08 UTC
Red Hat Product Errata RHBA-2020:4419 0 None None None 2020-10-29 15:11:59 UTC
Red Hat Product Errata RHBA-2020:4420 0 None None None 2020-10-29 15:50:45 UTC
Red Hat Product Errata RHSA-2020:0790 0 None None None 2020-03-11 16:45:49 UTC
Red Hat Product Errata RHSA-2020:1567 0 None None None 2020-04-28 15:25:09 UTC
Red Hat Product Errata RHSA-2020:1769 0 None None None 2020-04-28 15:51:35 UTC
Red Hat Product Errata RHSA-2020:4060 0 None None None 2020-09-29 20:51:27 UTC
Red Hat Product Errata RHSA-2020:4062 0 None None None 2020-09-29 18:57:55 UTC

Description Dhananjay Arunesh 2019-10-03 16:49:09 UTC 
A vulnerability was found in base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket.



Reference:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80
Comment 1 Dhananjay Arunesh 2019-10-03 16:50:00 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1758249]
Comment 2 Fedora Update System 2019-10-25 18:06:53 UTC 
kernel-5.3.6-100.fc29, kernel-headers-5.3.6-100.fc29, kernel-tools-5.3.6-100.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Wade Mealing 2019-12-04 03:41:15 UTC 
It -may- be possible that a local user can use this to directly control attached ISDN hardware, hanging up the connection or redialing long distance/high fee numbers incurring large fees to the telephony systems.
Comment 8 Eric Christensen 2019-12-05 18:30:53 UTC 
Mitigation:

At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.

Check https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.
Comment 10 errata-xmlrpc 2020-03-11 16:45:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0790 https://access.redhat.com/errata/RHSA-2020:0790
Comment 11 Product Security DevOps Team 2020-03-11 22:31:42 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-17055
Comment 12 errata-xmlrpc 2020-04-28 15:25:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567
Comment 13 errata-xmlrpc 2020-04-28 15:51:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769
Comment 14 errata-xmlrpc 2020-09-29 18:57:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
Comment 15 errata-xmlrpc 2020-09-29 20:51:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
Note You need to log in before you can comment on or make changes to this bug.