CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl

[Kurt Seifried <kseifried () redhat com>]

> Hello Josh, Steve, vendors,
>
>   based on Debian BTS report:
>   [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843
>       (first CVE-2011-XXYY required for Debian case)
>
> looked more into original report:
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=173008
>
> and the first paragraph of [2] suggests:
> "When starting a program via "su - user -c program" the user session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the input buffer.  This allows for example a non-root
> session to push "chmod 666 /etc/shadow" or similarly bad commands into
> the input buffer such  that after the end of the session they are
> executed."
>
> this should get a CVE-2005-YYZZ CVE id.

Please use CVE-2005-4890 for this issue.

> Could you allocate these?
>
> Thank you & Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

-- 

-Kurt Seifried / Red Hat Security Response Team