oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Problems in automatic crash analysis frameworks

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 14 Apr 2015 10:25:19 -0600
On 04/14/2015 09:55 AM, cve-assign () mitre org wrote:

This is mostly a question for the persons who assigned CVE-2015-1318
and CVE-2015-1862. Should these CVE assignments be interpreted to
mean:

  CVE-2015-1318 - in Apport, an unprivileged user can use a
                  namespace-based attack because there is an execve by
                  root after a chroot into a user-specified directory

  CVE-2015-1862 - in ABRT, an unprivileged user can use a
                  namespace-based attack because there is an execve by
                  root after a chroot into a user-specified directory

with "Furthermore, Abrt suffers from numerous race conditions and
symlink problems" not yet mapped to any CVE IDs? (CVE-2012-5660 is a


Because I asked Taviso to report them publicly, rather than play
whack-a-mole and do it slowly on distros, I'd rather do this out in the
open and all at once =).


similar but older issue.) These additional ABRT issues would seem to
be, for example, independently relevant on a system where the kernel
was built without namespaces support. However, the raceabrt.c
attachment says "This is a race condition exploit for CVE-2015-1862."



-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: