oss-sec mailing list archives

Re: CVE requests: opie off by one and setuid() failure


From: Vasiliy Kulikov <segoon () openwall com>
Date: Wed, 22 Jun 2011 18:33:56 +0400

Hi,

On Wed, Jun 22, 2011 at 16:28 +0200, Sebastian Krahmer wrote:
> Can someone assign 2 CVEs for an off by one in opiesu
> and a missing setuid() retval check in opielogin which
> leads to easy root compromise? Reviewed opie-2.4.

Patches are available here:

https://bugzilla.novell.com/show_bug.cgi?id=698772

I don't see memory zeroing before strcat():

argvbuf[0] = 0;

Probably it is not spotted as it is the first malloc(), but it is a bug.


Thanks,

-- 
Vasiliy
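
An added example, not part of the original message and not opie's code: a sketch of the pattern the reply points at, building a command string with strcat() in a malloc()ed buffer. The names join_args, dirty_alloc and strcat_start are hypothetical; dirty_alloc stands in for a recycled heap chunk so the effect of the `argvbuf[0] = 0;` style initialisation is visible.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator: returns stale non-zero bytes, like a recycled chunk. */
void *dirty_alloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, 'X', n);
    return p;
}

/* Offset where strcat() would begin writing (the first NUL in buf).
 * Returning size means no NUL inside the buffer: strcat() would run past it. */
size_t strcat_start(const char *buf, size_t size)
{
    const char *nul = memchr(buf, '\0', size);
    return nul != NULL ? (size_t)(nul - buf) : size;
}

/* Join argv[0..argc-1] with single spaces into a buffer obtained from alloc(). */
char *join_args(int argc, char **argv, void *(*alloc)(size_t))
{
    size_t size = 1;                     /* terminating NUL */
    for (int i = 0; i < argc; i++)
        size += strlen(argv[i]) + 1;     /* argument plus one separator */

    char *buf = alloc(size);
    if (buf == NULL)
        return NULL;
    buf[0] = '\0';                       /* without this, strcat() starts at stale data */

    for (int i = 0; i < argc; i++) {
        if (i > 0)
            strcat(buf, " ");
        strcat(buf, argv[i]);
    }
    return buf;
}

int main(void)
{
    char *args[] = { "ls", "-l", "/tmp" };          /* constructed sample input */
    char *cmd = join_args(3, args, dirty_alloc);
    int ok = cmd != NULL && strcmp(cmd, "ls -l /tmp") == 0;
    free(cmd);
    return ok ? 0 : 1;
}
```

A first malloc() on a fresh heap often returns zero-filled memory, so strcat_start() would be 0 there even without the initialisation, which matches the reply's remark about why the bug goes unnoticed.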

