Date: Thu, 02 Jun 2011 19:23:14 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com>, Russell Coker <rcoker@...hat.com>, Daniel Ruoso <daniel@...so.com> Subject: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Hello Josh, Steve, vendors, based on Debian BTS report:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843 (first CVE-2011-XXYY required for Debian case) looked more into original report:  https://bugzilla.redhat.com/show_bug.cgi?id=173008 and the first paragraph of  suggests: "When starting a program via "su - user -c program" the user session can escape to the parent session by using the TIOCSTI ioctl to push characters into the input buffer. This allows for example a non-root session to push "chmod 666 /etc/shadow" or similarly bad commands into the input buffer such that after the end of the session they are executed." this should get a CVE-2005-YYZZ CVE id. Could you allocate these? Thank you & Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ