oss-sec mailing list archives
Re: X.Org intel driver dev snapshots, backlight helper issue
From: cve-assign () mitre org
Date: Fri, 11 Jul 2014 03:46:14 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://lists.x.org/archives/xorg-commit/2014-July/036840.html
xf86_video_intel_backlight_helper will be installed setuid
(only beta versions have it)
Use CVE-2014-4910 for the - don't allow '/' in the interface name to avoid escaping the /sys hierarchy issue. At present, there is no CVE ID for the - check snprintf() return value for overflow. issue. We are not sure whether this has any impact beyond triggering an attempt to use an unintended filename under /sys/class/backlight/. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTv5WIAAoJEKllVAevmvms4YUH/3LASmq6IpPVfcmHgFwVliaF V3IAD2OrD5G+7YjkC0qCFAoazleHJfTJziP8Qkz1OpZe9GIKhCLhyEyicwwIzgpQ pcETqlPBuV4xPD3l0aSJLuYQC36sAWCACS+GIPZm26ZozWs7z2WTDzDcP9eyzFe1 mvOuRo28leuR+3qhyoNotjxgB+JbMr8jw8stx2qgbeIdJ9Dw+X2sfq9QG5UAF4ZM Ob5NeBHfynXT1LpL0ZM1kYdY6BzJGdhcsKtNyMPkf/6RmmfKDLxgHXUHd6y6gtr1 GjpQn1gcKjAhCr+3e57aHsTZa8oUxDSAW0FKeHMJeOPZx5omg4Yg6CZvGA3xOYw= =IXgK -----END PGP SIGNATURE-----
Current thread:
- X.Org intel driver dev snapshots, backlight helper issue Matthieu Herrb (Jul 04)
- Re: X.Org intel driver dev snapshots, backlight helper issue cve-assign (Jul 11)