oss-sec mailing list archives
Re: CVE Request: powerdns does not clear supplementary groups
From: Peter van Dijk <peter.van.dijk () netherlabs nl>
Date: Fri, 25 May 2012 19:59:48 +0200
Hello list, On May 25, 2012, at 19:55 , Kurt Seifried wrote:
Ok this part I did not know, so this is an obvious trust boundary violation (the intention was to drop privileges but it instead ADDS root privileges). Please use CVE-2012-2653 for this issue.
Just in case this slipped by someone - the example given (that adds root) is not for PowerDNS but for arpwatch! Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
Current thread:
- Re: CVE Request: powerdns does not clear supplementary groups, (continued)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups David Black (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Christos Zoulas (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Peter van Dijk (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)