oss-sec mailing list archives
Re: CVE id request: busybox
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 02 Mar 2013 21:43:53 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/01/2013 04:27 AM, Nico Golde wrote:
Hi, busyboxy is creating parts of the directory tree with incorrect permissions when creating device nodes in nested directories: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965 Can we get a CVE id for this please? Cheers Nico
Please use CVE-2013-1813 for this issue. Just a quick note: find / -perm +0002 should show a very minimal list (/tmp, /var/tmp, some spool dirs, and symbolic links), please run this on your packages/systems to ensure nothing silly is going out the door. It's 2013, I shouldn't be assigning CVEs for this problem still :P. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRMtUJAAoJEBYNRVNeJnmTtxwP/2SWV7ap1o3l8dJ0PbkWWsBm a1f8xQZ7/ir4XPF0aYTFXuq95qghTqjBHsJSm+MzS42rzULYeq7rJ7mI+ZOOlAIo z3PaRYnMxy2XsjJJu87C9fFAfJbYxsLfLEKWSD3s32jQhtSHgjeSDHUfmRVerYyT vf13i0UWhHyCvXfP4TJW8Kd3Eepa5HVrYkzBL22BkfYqW9qdKWL0i4DbENyuHPjk O+ycYKJi7s7NslwpKWxvs8GQEVUUN3RCj4PT5JottB8Sx3inyx6A07t+llQ0WwEb VFI+NYsx04TVxVVXiBfE1tF81AIdNcEvQIeIJxsDkiCvPhNxgWDLALBmDMZQrxYp fvJmstoLlZ8+eZDhMHMbD34VhmmAijKdd4wBSdEC77j+euw7K3HTYKPlKuobY3BV pFu3P9uViJdaciKBNW+RqzlruJDmJnub+gdTD/0o2R8XQkM4q6J8C7vzYSQLqKsP 4P820VlfttBKotQU3AmXdehYxqR5JavBbc94dvLUs+ENbn1S3BhbaBMQAAFVR/tm UO47DKQr+fHludhAQTrPhryS70dHkWYvTKWBxRJS4BczmtuqtBTvcj6YG7hFIP7W trOTRSgHSxxlufD4/g6aM2hHzxM+JBRB/Ligbx7qGCj1lLxPX4T4LQAkdWc2riyO jRYIu8P8veSaYNpCiGsD =V9L1 -----END PGP SIGNATURE-----
Current thread:
- CVE id request: busybox Nico Golde (Mar 01)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Piotr Karbowski (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Michael Gilbert (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Raphael Geissert (Mar 05)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)