oss-sec mailing list archives
CVE requests: opie off by one and setuid() failure
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 22 Jun 2011 16:28:47 +0200
Hi, Can someone assign 2 CVE's for a off by one in opiesu and a missing setuid() retval check in opielogin which leads to easy root compromise? Reviewed opie-2.4. Patches are available here: https://bugzilla.novell.com/show_bug.cgi?id=698772 thx, Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- CVE requests: opie off by one and setuid() failure Sebastian Krahmer (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Vasiliy Kulikov (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Josh Bressers (Jun 23)