Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jun 2011 16:28:47 +0200
From: Sebastian Krahmer <>
Subject: CVE requests: opie off by one and setuid() failure


Can someone assign 2 CVE's for a off by one in opiesu
and a missing setuid() retval check in opielogin which
leads to easy root compromise? Reviewed opie-2.4.

Patches are available here:



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team

SUSE LINUX Products GmbH,
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ