oss-sec mailing list archives
Re: CVE request: oping allows the disclosure of arbitrary file contents
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 9 Nov 2009 20:49:33 -0500 (EST)
On Mon, 9 Nov 2009, Josh Bressers wrote:
That issue has a CVE id. I gave it CVE-2009-3614 quite some time ago. http://marc.info/?l=oss-security&m=125561742729846&w=2
A "feature" in our oss-security list monitor prevented me from noticing this post. Apologies.
The discussion then branched out into if an unchecked call to setuid to drop permissions is a security flaw (as a user could cause it to fail, preventing oping from dropping privs). I saw nothing in the code that showed it to be anything but a bug, as oping doesn't do anything exciting after the call could fail.
OK, in this context I would agree (just to be consistent with my Oct 16 post.) - Steve
Current thread:
- Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Oct 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents yersinia (Oct 17)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents security curmudgeon (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 16)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 17)