Bug 1758248 (CVE-2019-17055) - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
Summary: CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_IS...
Keywords:
Status: NEW
Alias: CVE-2019-17055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1779473 1779474 1779475 1779477 1779478 1758249
Blocks: 1758252
TreeView+ depends on / blocked
 
Reported: 2019-10-03 16:49 UTC by Dhananjay Arunesh
Modified: 2019-12-06 13:57 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-10-03 16:49:09 UTC
A vulnerability was found in base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket.



Reference:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80

Comment 1 Dhananjay Arunesh 2019-10-03 16:50:00 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1758249]

Comment 2 Fedora Update System 2019-10-25 18:06:53 UTC
kernel-5.3.6-100.fc29, kernel-headers-5.3.6-100.fc29, kernel-tools-5.3.6-100.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Wade Mealing 2019-12-04 03:41:15 UTC
It -may- be possible that a local user can use this to directly control attached ISDN hardware, hanging up the connection or redialing long distance/high fee numbers incurring large fees to the telephony systems.

Comment 8 Eric Christensen 2019-12-05 18:30:53 UTC
Mitigation:

At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.

Check https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.


Note You need to log in before you can comment on or make changes to this bug.