Date: Fri, 25 Nov 2011 09:50:49 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
    Ludwig Nussel <ludwig.nussel@...e.de>
Subject: Re: CVE Request: colord sql injections

On 11/25/2011 08:13 AM, Jan Lieskovsky wrote:
> Hi Ludwig,
>
> thank you for the report.
>
> On 11/25/2011 11:55 AM, Ludwig Nussel wrote:
>> Hi,
>>
>> colord did not quote user supplied strings which made it prone to
>> SQL injections:
>> https://bugs.freedesktop.org/show_bug.cgi?id=42904
>> https://bugzilla.novell.com/show_bug.cgi?id=698250
>
> Just to have this one sorted out wrt to the patches, the relevant
> upstream patches are these two:
>
> http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
>
> http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
>
> right?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
>>
>> When colord runs as root and local active users are allowed to
>> create new devices (both are the defaults AFAIK) this allows not
>> only to corrupt colord's own database but also to leverage it to
>> modify other databases in the system (PackageKit for example also
>> uses sqlite).
>>
>> PoC available on request.
>>
>> cu
>> Ludwig
>>

Please use CVE-2011-4349 for these SQL injection issues.

--
-Kurt Seifried / Red Hat Security Response Team
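
The difference between pasting a caller-supplied device string into SQLite statement text and binding it as a parameter, as an added example that is not colord's code and not part of the original thread. It uses Python's sqlite3 module; the `mappings` schema, the function names and the sample device ids are constructed for illustration.

```python
import sqlite3

def make_db():
    # Hypothetical schema (an assumption, not colord's): device-to-profile rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mappings (device TEXT, profile TEXT)")
    db.executemany("INSERT INTO mappings VALUES (?, ?)",
                   [("printer-1", "icc-a"), ("scanner-1", "icc-b")])
    return db

def remove_unquoted(db, device_id):
    # 'Before' pattern: the string is pasted into the SQL text, so a quote
    # character in it ends the literal and the remainder is parsed as SQL.
    db.execute("DELETE FROM mappings WHERE device = '%s'" % device_id)

def remove_bound(db, device_id):
    # Hardened pattern: the value is bound as a parameter, never parsed as SQL.
    db.execute("DELETE FROM mappings WHERE device = ?", (device_id,))

def remaining(db):
    rows = db.execute("SELECT device FROM mappings ORDER BY device")
    return [r[0] for r in rows]

# Constructed inputs: a legitimate id that happens to contain an apostrophe,
# and one that closes the string literal and widens the WHERE clause.
BENIGN = "bob's-printer"
HOSTILE = "nope' OR '1'='1"

def run_case(remove, device_id):
    # Returns (status, devices still present) for one removal attempt.
    db = make_db()
    try:
        remove(db, device_id)
    except sqlite3.OperationalError:
        return ("error", remaining(db))
    return ("ok", remaining(db))

if __name__ == "__main__":
    for remove in (remove_unquoted, remove_bound):
        for device_id in (BENIGN, HOSTILE):
            print(remove.__name__, repr(device_id), run_case(remove, device_id))
```

A regression test for this class of bug can reuse the two constructed ids: with bound parameters both must leave unrelated rows untouched and raise no SQL error.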