oss-sec mailing list archives

Re: CVE request: FreeBSD/OS X crontab information leakage


From: Josh Bressers <bressers () redhat com>
Date: Mon, 28 Feb 2011 16:13:23 -0500 (EST)

This should probably get three.

----- Original Message -----
Details here:
http://marc.info/?l=full-disclosure&m=129891323028897&w=2

There are three leaks, each of which amounts to a minor DAC bypass.

1. Leakage of file/directory existence via stat() calls (e.g.
determining if a file exists regardless of search permissions on
directories)

CVE-2011-1073


2. Leakage of directory existence via realpath()

CVE-2011-1074


3. Arbitrary MD5 comparison (e.g. ability to determine if any two
files have identical MD5 hashes, regardless of read permissions on
those files)

CVE-2011-1075

Thanks.

-- 
    JB

