oss-sec mailing list archives
Re: CVE Request: two flaws in hesiod permitting privilege elevation
From: <cve-assign () mitre org>
Date: Fri, 20 Jan 2017 22:20:58 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
[] Weak SUID check allowing privilege elevation Hesiod unsafely checks EUID vs UID in a few places, consulting environment variables for configuration if they match. This could be used for privilege elevation under some circumstances. The fix uses secure_getenv() in place of getenv(). https://bugzilla.redhat.com/show_bug.cgi?id=1332508 https://github.com/achernya/hesiod/pull/9
Use CVE-2016-10151.
[] Use of hard-coded DNS domain if configuration file cannot be read If opening the configuration file fails, hesiod falls back on a default domain ".athena.mit.edu" to retrieve managed information. A local attacker with the opportunity to poison DNS cache could potentially elevate their privileges to root by causing fopen() to fail. https://bugzilla.redhat.com/show_bug.cgi?id=1332493 https://github.com/achernya/hesiod/pull/10
Use CVE-2016-10152. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYgtL0AAoJEHb/MwWLVhi2PDQQAJdi7nsPsB1xxrd++RQ2UUMW L7cvq12NOEPommq0pLUjPYWM2/IqOGj56H7HSJIyBEtw+knSXM5xMUpKbdSbwa2N gVNVcw+wu5fHQkGUzJJ0rvwsQANZDATb0NDpp1GCzSdc90V08Jok80QOlCm7FUY3 TvqefiuQBcGtF45nhPm7x2NRVkQbeU4t7ewOofBdRpRidbzHHxLC0ts0gBmZpEAR CCv+fKOO1dLY2PIk/+jo7qczV1oqvrIgetQE9dZHp+p01NsHLdKg+Uge7/sK9k5F dp6Zqf+Upzfg78II9cAZJwpWTOyd8zFyQRvtp82qz3DH74c2u1/lgVH2VqZtLIWn XLoZxhKLjL/ADM9QvJFvqEIrs7nC0QGJrgoQpihGohszGTtt3l3k+b6DmPt28OIn clgHS4z1quEqJT/YKHaFfbDVyLqjWvRQXFo4YfAUtHXur4SNzXBKy3VnPssmw+Kd jL4gYvzrTJRlV0cG2wvHEAMb9yqTAtqPCVU7ujS+sosfBN8ADvALuQ0U9ag1JW9Q 1oSq/mQ1ZKi+07Y6GiCQBflkIYM7EIKIHQJDj2DrtZc3gM5W4ee6ilpQ83ZdJduE JJRmwqbPwsxq4q5L2mqslIfklmUR+Fatodji7bbXpxHjqiafBXR8UdDNx+L3x0fp bMErFJVq6SNHHilpwa6a =J/Hc -----END PGP SIGNATURE-----
Current thread:
- CVE Request: two flaws in hesiod permitting privilege elevation Doran Moppert (Jan 19)
- Re: CVE Request: two flaws in hesiod permitting privilege elevation cve-assign (Jan 20)