oss-sec mailing list archives
Re: CVE Request: powerdns does not clear supplementary groups
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 25 May 2012 12:10:42 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/25/2012 11:59 AM, Peter van Dijk wrote:
Hello list, On May 25, 2012, at 19:55 , Kurt Seifried wrote:Ok this part I did not know, so this is an obvious trust boundary violation (the intention was to drop privileges but it instead ADDS root privileges). Please use CVE-2012-2653 for this issue.Just in case this slipped by someone - the example given (that adds root) is not for PowerDNS but for arpwatch! Kind regards,
Yeah we probably should have started a new thread at some point =). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPv8siAAoJEBYNRVNeJnmTmBEP/3knGQ2O9jYENr9iEDNHF6WT WefK13a5Rs4y24HnPk9QfiAdZMp5UAsUGQzKT6quUlcLQqhj+OpRSkynhC8lfu9r 0DJ6YhCDW0LH4XLDk7/DedWK0kUPLLnfESxqnnvDQWT+sDRbdFNEFxZWN9TqWxlG JTyupBoxNr7Ozy7O53cYE9t82Aseg+BJr2Rd7/b6cuV0gLls96PE7o39Z6/IAVYc tcQmxOIZ+pbEmzFS0IzAUHN5KitvNndVnclGpbTwh2+ZsPRHGuiWXGSDBm9WXTi4 OVA4qbFHQ244SzFZybgxWfj8yC726JnDI48vwBcnr6OJr+KvZBgdtxPfeQMNSxSf GA5Y30KU1cxR0TvjhdIMvhFRKnH0ybYXCDkuHRYhFyyoISOaA9WgqN3CLd1f5U5L e+AMShz8HDqNpNTGb1JiG+SMswoa+z3/utIlq8kQGbsyjtZThcter6IJNqRxaEDN QoWhxSVYXg3OIj4aBNAgeY3yhGI02wfbEjNP874IXpU3h4LqktRcktfT5+c5JzBy 1d8gF2kx2rifwsj7CF0eR2vkOFHfFRSLosw9yzlhvXxtS5K8BXjxgBnZ2olgySBn 2A6kOl2Uz29hPv6xZrrkhEbrxBRBpuSedQ15S1kzznF6C3bbrAjOm/sjfFwKe8K2 ZrG3jxeZ64chYMJ7LOQ0 =wrpl -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request: powerdns does not clear supplementary groups, (continued)
- Re: CVE Request: powerdns does not clear supplementary groups David Black (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Christos Zoulas (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Peter van Dijk (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)