oss-sec mailing list archives

Re: [CVE request] Local privilege escalation in libfep

From: cve-assign () mitre org
Date: Fri, 6 Jun 2014 07:46:38 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It was discovered that libfep uses UNIX domain sockets in the abstract
namespace in an insecure way.

https://github.com/ueno/libfep/commit/293d9d3f7565f01a9dc40b53259886832eaa2ace

Don't use abstract Unix domain sockets

fep/control.c
-  sun.sun_path[0] = '\0';
-  memcpy (sun.sun_path + 1, path, strlen (path));

libfep/client.c
-  sun.sun_path[0] = '\0';
-  memcpy (sun.sun_path + 1, address, strlen (address));


Use CVE-2014-3980.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTkanIAAoJEKllVAevmvms2zIH/2NbfRXcICXMYGBTIxDiPODL
IVu+y28bpIy5Rt0hHn/oXTeL6Kd++B57LKu6Kh0P+QRDG0eD5vN+vlMjjkM3uf7r
1U745tsLfjQy0moldprkzO9y1S8dIJzQu2LzkrpNMtb7kC3YiGmyARo5l8fntf+1
ZCd42S85RdcOPFinLNOaLvNelz7dXFLzpCHfNJa2MhquBLUvrbX0mCtq9GbeQ5eC
aKTP83qU3GNks/qmqYxwNhOktLVI5P9beKJe7oaU2clJEzWEAtcxIdt8iFoTvgdx
31rvPSMoZCEZgHZNn3o9goUir6x/mGLjVVR7mZ+ra8TrKSBS3MmGl+gGJLHjin8=
=xubs
-----END PGP SIGNATURE-----

Current thread:

[CVE request] Local privilege escalation in libfep Florian Weimer (Jun 05)
- Re: [CVE request] Local privilege escalation in libfep cve-assign (Jun 06)