Remotely exploitable netfilter
When you're firewall is the vulnerability, it's probably not good. Posting for awareness. https://nvd.nist.gov/vuln/detail/CVE-2022-25636 John
My heart almost skipped a beat until I read this in the CVE description: "... Linux kernel 5.4 through 5.6.10 allows local users to gain privileges ..." So, not likely to affect any of my busiest systems (because of the kernel version range), and not remotely exploitable in any case. Still, good to know. Will watch for kernel upgrade packages. Thanks for sharing! Gilbert On 2022-03-16 8:47 a.m., John Lange wrote:
When you're firewall is the vulnerability, it's probably not good. Posting for awareness.
-- Gilbert E. Detillieux E-mail: <gedetil@cs.umanitoba.ca> Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/ University of Manitoba Phone: (204)474-8161 Winnipeg MB CANADA R3T 2N2
On 2022-03-16 09:41, Gilbert E. Detillieux wrote:
My heart almost skipped a beat until I read this in the CVE description:
"... Linux kernel 5.4 through 5.6.10 allows local users to gain privileges ..."
So, not likely to affect any of my busiest systems (because of the kernel version range), and not remotely exploitable in any case.
5.4 is used by Ubuntu 20.04 LTS, so it'll bite quite a number of people. Not being exploitable is certainly a plus, though. -Alberto
On Wednesday, March 16, 2022 8:47:48 A.M. CDT John Lange wrote:
When you're firewall is the vulnerability, it's probably not good. Posting for awareness.
https://nvd.nist.gov/vuln/detail/CVE-2022-25636
John
I suppose CVE numbers are given out sequentially? And we're at 25,636, in mid-March? Seems like it was only yesterday when they had to expand the CVE ID format beyond 4 digits...
Sorry about the incorrect subject line and causing unnecessary panic. It is *NOT* remotely exploitable. I read "netfilter" and my brain automatically went to remote vulnerability since protecting against remote threats is what firewalls do. John On Wed, Mar 16, 2022 at 9:50 AM Glen Ditchfield <GJDitchfield@acm.org> wrote:
On Wednesday, March 16, 2022 8:47:48 A.M. CDT John Lange wrote:
When you're firewall is the vulnerability, it's probably not good. Posting for awareness.
https://nvd.nist.gov/vuln/detail/CVE-2022-25636
John
I suppose CVE numbers are given out sequentially? And we're at 25,636, in mid-March? Seems like it was only yesterday when they had to expand the CVE ID format beyond 4 digits...
_______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
-- John Lange
As far as I can tell/recall, the numbers are not assigned sequentially (thankfully, to your point). Here: https://cve.mitre.org/cve/identifiers/syntaxchange.html they're called arbitrary, and here: https://cve.mitre.org/cve/identifiers/tech-guidance.html under "Considerations for Output Format" and "Sorting", they say "CVE IDs are not allocated sequentially based on the disclosure date". I believe that CNAs (CVE Numbering Authorities) are allocated blocks by the CNA or other authority above them in the hierarchy, so CVE-2022-25XXX would be allocated to a specific CNA, and they would hand out numbers as needed (or assign to vulnerabilities within their own products). Though, in this case, that was handed out by Mitre Corp., which is a top-level CNA. That assignment process I don't have a source for, though, so I may be wrong. Here's a bit of explanation on the hierarchy though: https://www.cve.org/ProgramOrganization/Structure David Dyck david@ddyck.ca -----Original Message----- From: Roundtable <roundtable-bounces@muug.ca> On Behalf Of Glen Ditchfield Sent: March 16, 2022 9:49 AM To: roundtable@muug.ca Subject: Re: [RndTbl] Remotely exploitable netfilter On Wednesday, March 16, 2022 8:47:48 A.M. CDT John Lange wrote:
When you're firewall is the vulnerability, it's probably not good. Posting for awareness.
https://nvd.nist.gov/vuln/detail/CVE-2022-25636
John
I suppose CVE numbers are given out sequentially? And we're at 25,636, in mid-March? Seems like it was only yesterday when they had to expand the CVE ID format beyond 4 digits... _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
participants (5)
-
Alberto Abrao -
dndyck6@gmail.com -
Gilbert E. Detillieux -
Glen Ditchfield -
John Lange