[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Jun 2011 10:51:51 +0200
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com,
"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl
Jan Lieskovsky wrote:
> Hello Josh, Steve, vendors,
>
> based on Debian BTS report:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843
> (first CVE-2011-XXYY required for Debian case)
>
> looked more into original report:
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=173008
>
> and the first paragraph of [2] suggests:
> "When starting a program via "su - user -c program" the user session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the input buffer. This allows for example a non-root
> session to push "chmod 666 /etc/shadow" or similarly bad commands into
> the input buffer such that after the end of the session they are
> executed."
>
> this should get a CVE-2005-YYZZ CVE id.
>
> Could you allocate these?
ping! :-)
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
