oss-sec mailing list archives
Re: libreoffice-online "loolforkit" privileged program local root exploit
From: Matthias Gerstner <mgerstner () suse de>
Date: Thu, 21 Jan 2021 11:22:38 +0100
On Mon, Jan 18, 2021 at 04:07:40PM +0100, Matthias Gerstner wrote:
Formally libreoffice-online is covered by the "Document Foundation" CNA, therefore I did not request a CVE for this via the Mitre CVE form. I will try to contact the CNA directly in this matter.
The Document Foundation assigned CVE-2021-25630 for the missing enforcement of only allowing the "loolforkit" user to access the sensitive features of the program. Cheers Matthias
Attachment:
signature.asc
Description:
Current thread:
- libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 18)
- Re: libreoffice-online "loolforkit" privileged program local root exploit Matthias Gerstner (Jan 21)