oss-sec mailing list archives
Re: CVE request: FreeBSD/OS X crontab information leakage
From: Josh Bressers <bressers () redhat com>
Date: Mon, 28 Feb 2011 16:13:23 -0500 (EST)
This should probably get three.
----- Original Message -----
Details here: http://marc.info/?l=full-disclosure&m=129891323028897&w=2
There are three leaks, each of which amounts to a minor DAC bypass.
1. Leakage of file/directory existence via stat() calls (e.g. determining if a file exists regardless of search permissions on directories)
CVE-2011-1073
2. Leakage of directory existence via realpath()
CVE-2011-1074
3. Arbitrary MD5 comparison (e.g. ability to determine if any two files have identical MD5 hashes, regardless of read permissions on those files)
CVE-2011-1075
Thanks.
-- JB
Current thread:
- CVE request: FreeBSD/OS X crontab information leakage Dan Rosenberg (Feb 28)
- Re: CVE request: FreeBSD/OS X crontab information leakage Josh Bressers (Feb 28)