oss-sec mailing list archives
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 24 Apr 2012 14:45:10 +0200
nfs-client-1.2.5 rpm which is probably a result of the nfs-utils-1.2.5 source package. Sebastian On Tue, Apr 24, 2012 at 02:34:23PM +0200, Florian Weimer wrote:
* Sebastian Krahmer:Indeed, the point was to also check against fscaps: https://bugzilla.novell.com/show_bug.cgi?id=694598 At least it should be considered for future builds. The mount.nfs case was only interesting for the suid bit.Okay. Our mount.nfs doesn't seem to use libgssglue. I wonder if you use a different code base, or if this is something that's going to be come relevant to use with a newer upstream version, too.
-- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)