oss-security - Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo

Openwall GNU/*/Linux 3.0 - a small security-enhanced Linux distro for servers

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 10 May 2011 17:00:14 -0400
From: William Cohen <wcohen@...hat.com>
To: Huzaifa Sidhpurwala <huzaifas@...hat.com>
CC: oss-security@...ts.openwall.com, Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Stephane Chauveau <stephane.chauveau@...s-entreprise.com>,
        Maynard Johnson <maynardj@...ibm.com>,
        Robert Richter <robert.richter@....com>
Subject: Re: Re: CVE Request -- oprofile -- Local privilege
 escalation via crafted opcontrol event parameter when authorized by sudo

On 05/03/2011 05:36 AM, Huzaifa Sidhpurwala wrote:
> Hi William,
> On 05/01/2011 07:30 AM, William Cohen wrote:
>>
>> I don't know if this is the best way to fix this issue, but attached is a patch that filters out all but alpha numeric characters and '_'. Feedback on the patch would be appreciated.
>>
> 
> It appears from the debian bug, that there may be others way to exploit
> this issue as well. hence i think we need a revised patch?
> 
> 

Hi Huzaifa,

I have generated some patches to address the CVE. However, I have not yet address the http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212#19 related to the "echo do_jitconv > $SESSION_DIR/opd_pipe"

I will send the the patches from my local git branch in a moment.

Any feedback would be appreciated.

-Will

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.