oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: oping allows the disclosure of arbitrary file contents

From: Josh Bressers <bressers () redhat com>
Date: Fri, 16 Oct 2009 16:06:56 -0400 (EDT)
----- "Julien Tinnes" <julien.tinnes () gmail com> wrote:

On Thu, Oct 15, 2009 at 4:34 PM, Josh Bressers <bressers () redhat com> wrote:

----- "Julien Tinnes" <jt () cr0 org> wrote:


in case anyone cares, oping also attempts to drop privileges with
setuid(getuid()); without checking setuid()'s return value.



Does that have any security implications though? I've not looked at the
app.  If it's a security problem, I'll give it a CVE id.


I didn't really look either. Because of this, everything will run as root
while it shouldn't, but an attacker might need a second bug to elevate
privileges.  I would still consider it a security problem.



I took a look in the oping source. Without another security flaw, this is just
a bug, oping doesn't do anything while still root that could be an issue. I
agree that it should be fixed, it is a serious bug, but an attacker cannot do
anything nefarious with this flaw.

I'm happy to let Steve overrule me if he wishes, but I'm not going to assign
this a CVE id.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: