oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: adequate: privilege escalation via tty hijacking

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 29 Nov 2013 01:02:34 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2013 04:41 AM, Salvatore Bonaccorso wrote:

Hi Kurt,

I would like to request a CVE for an issue with 'adequate':

http://bugs.debian.org/730691 (adequate: privilege escalation via
tty hijacking):

----cut---------cut---------cut---------cut---------cut---------cut-----



Package: adequate

Version: 0.4 Severity: serious Tags: security Justification: user
security hole

If root uses the --user option, then the user can hijack the tty
with the TIOCSTI ioctl.

This is similar to CVE-2005-4890.



Please use CVE-2013-6409 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSmEoZAAoJEBYNRVNeJnmTPY8P/0vsH+KVUmCJK5CVGDh2EkDX
GP8JoZjBzdaasyCK0QoNiNtkShrea4Uju6ngOFxMYJouo7xa29mZ4oTI71W+ehIA
ff6TlDPvbO17DcOwjR+FhhY2vCcbXU3sLyWZGAgbnQAW+GQbxcFyVVF/Ws00Ejc8
frS9pyvZVkmBJogoWnd2QR1FVRYBajizlJB9KSZMEjiVrPpUo5ARNxKUiRVHEv7n
glHKF82ZxqSDSNZ1QRhnNlcx7n14XrnhlUia0GsYqzF1hDLh/5M5RmU9dCayZOUe
noGrLLt3BA21hAIjQMSyURSklQgoQFThjsOynsA7XKu8j/uvCTU49lUClROf75/G
TmCGQKrzciheRRN/ezstb5GledYNRQtO+8ShcOHeKAaaQ3dMowy4xonSrVBxSw3s
1lXgtYE1oMPis25FaepSXydcSLU9DdPAujig+2m5v5Fv4t5u39QyKxZcOrkg4a9B
725mIr3yIkPWfr8ECSCOZqDeK6SOTy8578+jnlkrch1CQxrP21nNoO+cDYpaFmdF
wM9F3XQb8NOBfOd+gQMBxSBx62S9UHC+6/MzhKgnwzP1eZqojSEDgdWuX60Kt4LL
idKA5P+bz03nfdPcFTQXLqF9mtX8uvGtlsaKne5SvsBIoox/RQd1QNkxFXFM6f/h
Duy1GvBKmHcGYH32/vbA
=U2b4
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: