Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Nov 2013 11:13:14 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: lighttpd multiple issues (setuid/...
 unchecked return value, FAM: read after free)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/12/2013 09:14 AM, Stefan Bühler wrote:
> Hi,
> 
> I'd like to request CVE ids for the following issues in lighttpd:
> 
> 1. setuid/setgid/setgroups return values are not checked
> 
> If setuid() fails for any reason (RLIMIT_NPROC) lighttpd runs as
> root.
> 
> http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt

Please
> 
use CVE-2013-4559 for this issue.

> 2. If FAMMonitorDirectory fails, lighttpd reads a value from
> already free()d memory.
> 
> http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt

Please
> 
use CVE-2013-4560 for this issue.

> Both issues were found with clang static analyzer, so I assume the
> bad guys already know these.
> 
> regards, Stefan


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSgm+6AAoJEBYNRVNeJnmTnVsP/1A9khbtz2dSTrCfO//ZrDag
qF2BJokhILhkUtM4lAwHpIlbO/uVD5CLLR4Y8g6gilR2fQDWa9GU6xeoejgH60NQ
ZM65qVNFYbPgx0j/anfTigzhiLiFqvYCpubdsp+s8FvBvVh07VXhVjxl1UJfT5cU
m7ifw274qYtyXfu+3pLAGXqYST0onJ0oB1UA6iEuTZRU2nK7KNaEZXCFHhIiNqMR
iMMFCoJERJyvXCgf19LEbjn0XFrwHW9Qbqm+jDVjh/xEDhg4SJJ59sUdODbOaEQI
HQroJhfA1IWdKUPmVWe57WdPsTFYGpvB5R6P7i0y7zeeoTl1jGUnoIiaSS/t/+Yn
kjpq4uqFbGa6BgC7s+hjloGk031zouIRQ8vZyt67fIWC8qU7IOH1qpUx8mRwfFtq
8smrDyWNPYEye3McYEw50GtSdrVy/EmCA+mClnskwY2GpcIPCK0X0OOzDrXgbbjC
QSIKVcP/PuqTDA1JfiGYx6xq/KjtPSr5obJqQSH0sYoiIdMuBITIz8wsdOFOBhyo
FoRy/c8nh8SFbxcolXpW/WCv/CYskVcOGClxXdsLEZ0tnvZUfTtNLeYcO/YfdN29
TWNcCX0l6RZyoz6L+sP94HGLP+PYhLjZiv8cXktnJzX+LIeI1wyvbHI6588OvpkE
0yYAJ1vStCWr3J5duQ1k
=00La
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ