[v3.0] kernel: gain privileges in net/l2tp/l2tp_ppp.c (CVE-2014-4943)
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1119458
COMMIT:
https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
MLIST: http://openwall.com/lists/oss-security/2014/07/17/1
CONFIRM: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4943
(from redmine: issue id 3217, created on 2014-07-21, closed on 2017-05-17)
- Relations:
- parent #3213
- Changesets:
- Revision 3a97f6f6 by Natanael Copa on 2014-07-24T16:55:06Z:
main/linux-grsec: upgrade to 3.14.13
grsecurity patch has fixes for various issues:
CVE-2014-4943
CVE-2014-4171
fixes #3178
fixes #3217