oss-sec mailing list archives

CVE requests: opie off by one and setuid() failure

From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 22 Jun 2011 16:28:47 +0200

Hi,

Can someone assign 2 CVE's for a off by one in opiesu
and a missing setuid() retval check in opielogin which
leads to easy root compromise? Reviewed opie-2.4.

Patches are available here:

https://bugzilla.novell.com/show_bug.cgi?id=698772

thx,
Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team

---
SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany

Current thread:

CVE requests: opie off by one and setuid() failure Sebastian Krahmer (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Vasiliy Kulikov (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Josh Bressers (Jun 23)