oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux namespaces: It is possible to escape from bind mounts

From: cve-assign () mitre org
Date: Mon, 6 Apr 2015 16:29:32 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Do you have a specific scenario in mind?


We think your question is based on a misinterpretation of what we
wrote. To avoid that, we shouldn't have started a sentence with "As
far as we can tell, the patches don't address."


As far as we can tell, the patches don't address a separate scenario
in which a ".." attack can occur but the underlying problem is
something other than rename handling. So, we don't think a second CVE
ID is needed.


wasn't intended to mean:

  The patches are inadequate because a separate scenario exists,
  and that separate scenario is not addressed by the patches.

Instead, it was intended to mean:

  We are not disputing that the patches are adequate. Also, in our
  current understanding, all attack scenarios ultimately depend on the
  previously incorrect handling of renames. Because there isn't a
  second type of scenario, there isn't a second CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVIuvxAAoJEKllVAevmvmsIdQH/1WSCy4MpOVBZGJYDTaEbg7E
ZSwMKLzYq8cz3WCUXXOiZE+sWNmOW1hIeXQ6yqncP0wjHnkcvx0b9HIsB6IZVXWw
iat281etggs1DLogyp1loG91N8xVjIGQM4Vvno0ciiEh3/hrNzc9J8Pyf6M6k/ec
mC26mdQZAg8LHfL14iPDr8AzTAKEpV3TN9nzA+aSmz6TMF5PqVSLy9QGSl8IteVa
HIF6lG3g7jyUWX3LZa9iEQK9V5JO+BIbwuIQNW7+lDJdpZpPXcv2MsZ4avkPe/MB
OtviouuopAMIVjmHCYLXo5NPE5drcZshmU4rjesGMpqmsSt+36vHKidDgjEFMYs=
=HorD
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: