<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Remote code execution in connman
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Marcus Meissner <meissner () suse de>
Date: Mon, 8 Feb 2021 10:11:05 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,
Tesla has reported a remote (adjacent network) code execution flaw in
connman, a lightweight network manager, to our SUSE colleage and
connman upstream maintainer Daniel Wagner,
https://git.kernel.org/pub/scm/network/connman/connman.git/
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
Mitre has assigned CVE-2021-26675.
The commit fixes a stack buffer overflow that can be used to execute code by network adjacent attackers.
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
Mitre has assigned CVE-2021-26676
Remote stack information leak which can be used to help execute CVE-2021-26675 reliably.
Ciao, Marcus
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
Remote code execution in connman Marcus Meissner (Feb 08)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->