Date: Tue, 31 Aug 2010 16:02:14 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Josh Bressers <bressers@...hat.com>
cc: oss-security@...ts.openwall.com
Subject: Re: CVE id request: libc fortify source information disclosure

I think this technically qualifies as an "exposure" which is the "E" in
"CVE" - it can be used as a stepping stone for exploitation of another
vulnerability. (Very old, unwieldy definitions here:
http://cve.mitre.org/about/terminology.html)

The risk may be very minimal, but the FORTIFY_SOURCE protection mechanism
is not working "as advertised" - it can be manipulated for an
admittedly-small information leak.

Use CVE-2010-3192 for the issue.

- Steve

On Tue, 31 Aug 2010, Josh Bressers wrote:

> ----- "Nico Golde" <oss-security+ml@...lde.de> wrote:
>
>> Hi,
>> http://seclists.org/fulldisclosure/2010/Apr/399
>> did this ever get a CVE id? As this also works for setuid programs it
>> would be nice to get one assigned and have this patched.
>>
>
> Steve,
>
> What is MITRE policy on this one. By itself I question if this is a
> security flaw, but it also would appear to have the potential to turn a DoS
> into something worse.
>
> I'm not sure what policy is in this instance.
>
> Thanks.
>
> --
> JB