oss-sec mailing list archives

Re: X.Org intel driver dev snapshots, backlight helper issue

From: cve-assign () mitre org
Date: Fri, 11 Jul 2014 03:46:14 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://lists.x.org/archives/xorg-commit/2014-July/036840.html

xf86_video_intel_backlight_helper will be installed setuid

(only beta versions have it)


Use CVE-2014-4910 for the

    - don't allow '/' in the interface name to avoid escaping the /sys
      hierarchy

issue.

At present, there is no CVE ID for the

    - check snprintf() return value for overflow.

issue. We are not sure whether this has any impact beyond triggering
an attempt to use an unintended filename under /sys/class/backlight/.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTv5WIAAoJEKllVAevmvms4YUH/3LASmq6IpPVfcmHgFwVliaF
V3IAD2OrD5G+7YjkC0qCFAoazleHJfTJziP8Qkz1OpZe9GIKhCLhyEyicwwIzgpQ
pcETqlPBuV4xPD3l0aSJLuYQC36sAWCACS+GIPZm26ZozWs7z2WTDzDcP9eyzFe1
mvOuRo28leuR+3qhyoNotjxgB+JbMr8jw8stx2qgbeIdJ9Dw+X2sfq9QG5UAF4ZM
Ob5NeBHfynXT1LpL0ZM1kYdY6BzJGdhcsKtNyMPkf/6RmmfKDLxgHXUHd6y6gtr1
GjpQn1gcKjAhCr+3e57aHsTZa8oUxDSAW0FKeHMJeOPZx5omg4Yg6CZvGA3xOYw=
=IXgK
-----END PGP SIGNATURE-----

Current thread:

X.Org intel driver dev snapshots, backlight helper issue Matthieu Herrb (Jul 04)
- Re: X.Org intel driver dev snapshots, backlight helper issue cve-assign (Jul 11)