oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Problems in automatic crash analysis frameworks

From: Tavis Ormandy <taviso () google com>
Date: Tue, 14 Apr 2015 13:35:20 -0700
On Tue, Apr 14, 2015 at 9:02 AM, Marc Deslauriers
<marc.deslauriers () canonical com> wrote:

Hi,

On 2015-04-14 11:55 AM, cve-assign () mitre org wrote:

This is mostly a question for the persons who assigned CVE-2015-1318
and CVE-2015-1862. Should these CVE assignments be interpreted to
mean:

  CVE-2015-1318 - in Apport, an unprivileged user can use a
                  namespace-based attack because there is an execve by
                  root after a chroot into a user-specified directory


Yes, I assigned CVE-2015-1318 to that specific issue in Apport.

Marc.


It looks like this is the patch for Apport:

http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/2943#data/apport

It's far more complicated than I expected, and not obviously correct.
It could probably use some review, I'll think about it today.

Tavis.
Previous By Date Next
Previous By Thread Next

Current thread: