oss-sec mailing list archives
lxterminal: insecurely uses /tmp for a socket file
From: Medical Wei <mwei () lxde org>
Date: Tue, 9 May 2017 08:18:49 +0800
A vulnerability has been found in which unixsocket.c in lxterminal insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch) or possibly have other impact.

This bug has been assigned CVE-2016-10369 [1], and has been publicly discussed on the Stack Exchange website [2]. A bug fix has been committed to lxterminal's git repository [3], and LXDE developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
Attachment:
signature.asc
Description: Message signed with OpenPGP