oss-sec mailing list archives
Re: headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools
From: cve-assign () mitre org
Date: Tue, 9 Sep 2014 10:24:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
there shouldn't be any users on the docker image while it's being deployed (or indeed any software pretty much at all)
it is a pretty blatant tmp vuln
It's missing one of the essential characteristics of a vulnerability: an attack that crosses privilege boundaries. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUDw0YAAoJEKllVAevmvmslxIH/0WJOQfMGT0U9aBjL+xD9p10 Ym7mFPXVEpP4joqhj+t5rqZrw8TXtl8hIAeprwVyRG4Lk2ZgcMfRbje3JRWc0wj6 qHcZAFzIwDiKBWel9ttlQDAL4ZXQbUoNxMiRMdTYS8Ohmvx6aWpxARw8QJuahPpz 80gkSInRkdcJJigUGkNnrCxhIL2UgNRGIJ8X5zxqZDiXEI+dSJ0tCL+Z8g254NAk AxyONOJvq/QQcbb4sqlgUUsm+DzmqsqpriBjpwvXsMqPg29ihEWw1mJ1ZqxOZVWv XtC3FfoJrtVO3/VcChMgaDVfUNEN8w2qTo6iiMpoHW7enWBU3+6LI2P0lv5rGgo= =+c+S -----END PGP SIGNATURE-----
Current thread:
- headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools Kurt Seifried (Sep 08)
- Re: headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools cve-assign (Sep 09)