oss-sec mailing list archives

CVE id request: op

From: Nico Golde <oss-security+ml () ngolde de>
Date: Sat, 12 Jul 2008 21:38:39 +0200

Hi,
op, a replacement for sudo that is used to grant access to 
certain root operations to users suffers of a stack based 
buffer overflow because of missing bounds check of the 
XAUTHORITY variable used if op is configured with 
--enable-xauth and op.conf uses the xauth configuration 
option. Under a normal installation this tool runs with an 
effective user id 0 so it is possible to exploit this and 
get more privileges or execute arbitrary code with root 
privileges.

Fixed upstream changeset:
http://swapoff.org/changeset/563

Steve, could you assign a CVE id to this?

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request: op Nico Golde (Jul 12)
- Re: CVE id request: op Steven M. Christey (Jul 18)