oss-sec mailing list archives
Re: Linux namespaces: It is possible to escape from bind mounts
From: cve-assign () mitre org
Date: Mon, 6 Apr 2015 16:29:32 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Do you have a specific scenario in mind?
We think your question is based on a misinterpretation of what we wrote. To avoid that, we shouldn't have started a sentence with "As far as we can tell, the patches don't address."
As far as we can tell, the patches don't address a separate scenario in which a ".." attack can occur but the underlying problem is something other than rename handling. So, we don't think a second CVE ID is needed.
wasn't intended to mean: The patches are inadequate because a separate scenario exists, and that separate scenario is not addressed by the patches. Instead, it was intended to mean: We are not disputing that the patches are adequate. Also, in our current understanding, all attack scenarios ultimately depend on the previously incorrect handling of renames. Because there isn't a second type of scenario, there isn't a second CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVIuvxAAoJEKllVAevmvmsIdQH/1WSCy4MpOVBZGJYDTaEbg7E ZSwMKLzYq8cz3WCUXXOiZE+sWNmOW1hIeXQ6yqncP0wjHnkcvx0b9HIsB6IZVXWw iat281etggs1DLogyp1loG91N8xVjIGQM4Vvno0ciiEh3/hrNzc9J8Pyf6M6k/ec mC26mdQZAg8LHfL14iPDr8AzTAKEpV3TN9nzA+aSmz6TMF5PqVSLy9QGSl8IteVa HIF6lG3g7jyUWX3LZa9iEQK9V5JO+BIbwuIQNW7+lDJdpZpPXcv2MsZ4avkPe/MB OtviouuopAMIVjmHCYLXo5NPE5drcZshmU4rjesGMpqmsSt+36vHKidDgjEFMYs= =HorD -----END PGP SIGNATURE-----
Current thread:
- Linux namespaces: It is possible to escape from bind mounts Jann Horn (Apr 03)
- Re: Linux namespaces: It is possible to escape from bind mounts cve-assign (Apr 04)
- Re: Linux namespaces: It is possible to escape from bind mounts Andy Lutomirski (Apr 06)
- Re: Linux namespaces: It is possible to escape from bind mounts cve-assign (Apr 06)
- Re: Linux namespaces: It is possible to escape from bind mounts Andy Lutomirski (Apr 06)
- Still unfixed? Re: [oss-security] Linux namespaces: It is possible to escape from bind mounts Jann Horn (May 14)
- Re: Linux namespaces: It is possible to escape from bind mounts Solar Designer (Jun 12)
- Re: Linux namespaces: It is possible to escape from bind mounts cve-assign (Apr 04)