oss-sec mailing list archives
Re: various sddm vulnerabilities
From: cve-assign () mitre org
Date: Mon, 6 Oct 2014 02:43:18 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
From: mbriza () redhat com
Although we don't believe any of the issues you reported could lead to a privilege escalation (as some of the resulting bugreports suggest), we consider them to be security issues.
https://github.com/sddm/sddm/pull/279
https://bugzilla.suse.com/show_bug.cgi?id=897788#c6 sddm user is not available for choosing in the first place
As far as we can tell, the vendor considers it a vulnerability for unauthenticated logins as sddm to succeed, so we'll assign CVE-2014-7271. The conditions under which this can happen are not clear; maybe one or more of these is true: - sddm is a regular user account, not a uid-below-1000 account, on some systems because a Linux distribution is allowed to customize the sddm account name in its own sddm package - sddm is a regular user account, not a uid-below-1000 account, on some systems because that username was in use before sddm was installed - there's a way to choose to login as sddm even if sddm isn't on the list of users
https://bugzilla.suse.com/show_bug.cgi?id=897788#c7 https://bugzilla.suse.com/show_bug.cgi?id=897788#c8 https://bugzilla.suse.com/show_bug.cgi?id=897788#c9 https://github.com/sddm/sddm/pull/280
Apparently the primary problem is unsafe write operations into a directory that's completely controlled by a unprivileged user. (The chown is, in some sense, a write operation on security-relevant file metadata.) Use CVE-2014-7272 for all of these three. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUMjmKAAoJEKllVAevmvmsyBcH/RNiNIUywq9yYODGZ1/2bPWU acu4SMFvHtZ0eP26c1KYq5R7WJG/3TQwCz9OdA1SjfxcIwnBGNFOd+f85SA95v/t QVS7kLmGZQ74Z+zd+WQBDd5HNIQRpz3hJM1ppIMDwQY3xgulRN71GUKI/IRNVAL/ cxIxHnhqPWoO7Uc0+3IRZkp7fJ07+NQZreaUMxBZWYe/hE5tJXxhQIM+wuFJ0XEs DMjs2gRspQQiv2TRQX1S09vg7oVdrgTIkJPJsVPqqzMBjq6mMYIIj/yuKiU8pel+ EMBZtSedbJESOawciOKsrFLJ1ZaYGydOhKFBhu4DHAf1FXl7Ii+h8QDeOOSF+5M= =GZYa -----END PGP SIGNATURE-----
Current thread:
- various sddm vulnerabilities Sebastian Krahmer (Oct 01)
- Re: various sddm vulnerabilities Martin Bříza (Oct 02)
- Re: various sddm vulnerabilities cve-assign (Oct 05)