oss-sec mailing list archives
Re: CVE request: oping allows the disclosure of arbitrary file contents
From: security curmudgeon <jericho () attrition org>
Date: Tue, 10 Nov 2009 00:26:46 +0000 (UTC)
On Mon, 9 Nov 2009, Steven M. Christey wrote:

: On Sat, 17 Oct 2009, yersinia wrote:
:
: > On Fri, Oct 16, 2009 at 10:06 PM, Josh Bressers <bressers () redhat com> wrote:
: > > ----- "Julien Tinnes" <julien.tinnes () gmail com> wrote:
: > >
: > > [snip]
: > >
: > > I took a look in the oping source. Without another security flaw, this is just
: > > a bug, oping doesn't do anything while still root that could be an issue. I
: > > agree that it should be fixed, it is a serious bug, but an attacker cannot do
: > > anything nefarious with this flaw.
: > I think that the upstream maintainer should have the last word
: > http://verplant.org/liboping/
:
: This says:
:
:   2009-09-29 Version 1.3.3 is available. The new release fixes a serious
:   security issue in oping: If the application is installed with the
:   SetUID-bit, anybody on the system could use oping to read arbitrary
:   files using the "-f" option.
:
: So as stated, this sounds worthy of a CVE to me. Thoughts?

Is it so different than "vulnerable if dangerous_php_option=true is
configured"? I guess the distinction is that we know many systems
configure PHP with dangerous options, while admins generally don't run
around slapping SUID on everything.

To me, it is a vuln if there is a reasonable case where it may be SUID, or
called with increased privileges.