oss-sec mailing list archives
Re: [CVE request] Local privilege escalation in libfep
From: cve-assign () mitre org
Date: Fri, 6 Jun 2014 07:46:38 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It was discovered that libfep uses UNIX domain sockets in the abstract namespace in an insecure way.
https://github.com/ueno/libfep/commit/293d9d3f7565f01a9dc40b53259886832eaa2ace
Don't use abstract Unix domain sockets
fep/control.c - sun.sun_path[0] = '\0'; - memcpy (sun.sun_path + 1, path, strlen (path));
libfep/client.c - sun.sun_path[0] = '\0'; - memcpy (sun.sun_path + 1, address, strlen (address));
Use CVE-2014-3980. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTkanIAAoJEKllVAevmvms2zIH/2NbfRXcICXMYGBTIxDiPODL IVu+y28bpIy5Rt0hHn/oXTeL6Kd++B57LKu6Kh0P+QRDG0eD5vN+vlMjjkM3uf7r 1U745tsLfjQy0moldprkzO9y1S8dIJzQu2LzkrpNMtb7kC3YiGmyARo5l8fntf+1 ZCd42S85RdcOPFinLNOaLvNelz7dXFLzpCHfNJa2MhquBLUvrbX0mCtq9GbeQ5eC aKTP83qU3GNks/qmqYxwNhOktLVI5P9beKJe7oaU2clJEzWEAtcxIdt8iFoTvgdx 31rvPSMoZCEZgHZNn3o9goUir6x/mGLjVVR7mZ+ra8TrKSBS3MmGl+gGJLHjin8= =xubs -----END PGP SIGNATURE-----
Current thread:
- [CVE request] Local privilege escalation in libfep Florian Weimer (Jun 05)
- Re: [CVE request] Local privilege escalation in libfep cve-assign (Jun 06)