oss-sec mailing list archives

Re: CVE request: tss <= 0.8.1-3: arbitary file reading

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 17 Apr 2008 13:07:53 -0400 (EDT)


On Thu, 17 Apr 2008, Nico Golde wrote:

Steve (the mitre one :) did you miss that?


yes, but I didn't miss this anyway :)

======================================================
Name: CVE-2008-1877
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1877
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475747

tss 0.8.1 allows local users to read arbitrary files via the -a
parameter, which is processed while tss is running with privileges.

Current thread:

CVE request: tss <= 0.8.1-3: arbitary file reading Steve Kemp (Apr 12)
- Re: CVE request: tss <= 0.8.1-3: arbitary file reading Nico Golde (Apr 17)
  - Re: CVE request: tss <= 0.8.1-3: arbitary file reading Steven M. Christey (Apr 17)