oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: oping allows the disclosure of arbitrary file contents

From: Julien Tinnes <julien.tinnes () gmail com>
Date: Thu, 15 Oct 2009 16:44:49 +0200
On Thu, Oct 15, 2009 at 4:34 PM, Josh Bressers <bressers () redhat com> wrote:

----- "Julien Tinnes" <jt () cr0 org> wrote:


in case anyone cares, oping also attempts to drop privileges with
setuid(getuid()); without checking setuid()'s return value.

It's an obvious vulnerability, because a local attacker can make
setuid() fail by setting a resource limit of 0 for RLIMIT_NPROC with
setrlimit().



Does that have any security implications though? I've not looked at the app.
If it's a security problem, I'll give it a CVE id.


I didn't really look either. Because of this, everything will run as
root while it shouldn't, but an attacker might need a second bug to
elevate privileges.
I would still consider it a security problem.

Julien
Previous By Date Next
Previous By Thread Next

Current thread: