oss-sec mailing list archives
CVE Request: policykit (minor)
From: Kees Cook <kees () ubuntu com>
Date: Thu, 1 Apr 2010 09:55:25 -0700
Hi, Dan Rosenberg found[1] a minor information disclosure vulnerability in pkexec, which has been fixed[2] upstream. It would disclose the existence of files a given user would normally not be able to confirm: $ pkexec /home/drosenbe/secret/hidden (password prompt) $ pkexec /home/drosenbe/secret/doesnotexist Error getting information about /home/drosenbe/secret/doesnotexist: No such file or directory Thanks, -Kees [1] Ubuntu bug: https://launchpad.net/bugs/532852 [2] http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a -- Kees Cook Ubuntu Security Team
Current thread:
- CVE Request: policykit (minor) Kees Cook (Apr 01)
- Re: CVE Request: policykit (minor) Josh Bressers (Apr 01)