oss-sec mailing list archives
Re: CVE Request coreutils
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 22 Jan 2013 08:25:23 +0100
Hi, Generally, I see your point. However sometimes services running as root 'sort' or 'uniq' user input e.g. via grepping logfiles etc, so there is indeed a real chance to indirectly trigger a privilege escalation. The past shows that segfaults can be turned into a code exec often. Its a stack overflow after all. regards, Sebastian On Mon, Jan 21, 2013 at 06:33:07PM -0700, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/21/2013 01:39 PM, Vincent Danen wrote:* [2013-01-21 19:17:49 +0100] Moritz Muehlenhoff wrote:Can someone assign a CVE id for a buffer overflow in coreutils? Its the same code snippet (coreutils-i18n.patch) and it affects sort, uniq and join: https://bugzilla.novell.com/show_bug.cgi?id=798538 https://bugzilla.novell.com/show_bug.cgi?id=796243 https://bugzilla.novell.com/show_bug.cgi?id=798541Could you send the faulty patch to the list so that distros can validate that they don't include it themselves?Red Hat/Fedora do include this patch, so it's more than just SUSE that ships them. However, when I was looking at them last week, this struck me as just a non-exploitable crash and unless I'm missing something, I think it would be quite the stretch to call it a security flaw.Agreed, there is no significant impact of exploitation and there is no real easy way to trick a victim into doing this (and even if you do, so what? now if it was code exec we might be talking about something interesting). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ/exTAAoJEBYNRVNeJnmTrW0P/3B/L/SE7akzCPUU6TW9wy1L Rpb8IIITLCz1qkb/gkUayUFJHQDjpEfmxNPJQWm1fJBrWI0bFr0wvHRuGHgyXZEA Bl+js2w0uu7kAEEf1bHjZjf7zVHZ2tvoAdzi8ypLASZisxXwSa4acy++sqmPTrSf oNOu3ChqG919VSLfD8Zf5AsGFs6G3tRzNEmYtvllt9liUFKgL6WsCNWNWUZdpWm2 crZPdyf343VvQcG5p7vYPEJLUBmnUSIauakssYPxGSp1vNBDNCC8xuVnyf1KOLfc r3BHDPRX5ooe8EcoK/zgo1owK7tP9d7FT94gIsJte3OUOP5dq6LR/R0ZMMUsneNA EjJScDCkh0hcZYCdJkqtah5aoAYI6IQvXJVtbwDM+rAvHfoMV2nkbWVZL0SgCMW/ B/hvhQJejFN3dd0wfiO5sQf5o2UxxYyIIpTE+GQP/pe8Q7F1BzR5nV87Jd3sWQY8 J873KRADBgt4RwbVUpI7dUL67UeRZCN4FiNtYYEuD5BeJWMSVoVXRHP7zBkx8GhG vgfUc02+IyxS0HTO5HIxSJnLYOSa++SxJ4/w85aqcWPLrLHhL4s1k4GELPg/JhdW Um35zAkcLNnxsxySCMIWZKEUTZ3xdpBspc3QVkw/IoyZpk+QhQTM2S/C3yWv4Q0z xwHEEqesvl8l7UlpQ2mC =rw4/ -----END PGP SIGNATURE-----
-- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Matthias Weckbecker (Jan 22)
- Re: CVE Request coreutils Kurt Seifried (Jan 23)
- Re: CVE Request coreutils Moritz Muehlenhoff (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Kurt Seifried (Jan 21)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 21)
- Re: CVE Request coreutils Vincent Danen (Jan 22)
- Re: CVE Request coreutils Sebastian Krahmer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 23)
- Re: CVE Request coreutils Florian Weimer (Jan 22)
- Re: CVE Request coreutils Vincent Danen (Jan 21)
- Re: CVE Request coreutils Michael Tokarev (Jan 21)
- Re: CVE Request coreutils Florian Weimer (Jan 22)