Date: Thu, 9 Jan 2014 17:51:52 +0100 From: Guido Berhoerster <guido+openwall.com@...hoerster.name> To: oss-security@...ts.openwall.com Subject: Re: CVE request: tmux local denial of service (2009) * Florian Weimer <fweimer@...hat.com> [2014-01-09 17:39]: > Alexander Wirt discovered that local users can block other users > from using tmux by creating suitably named directories in /tmp: > > <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529082> > > This is a minor local denial of service issue. This was reported > publicly in 2009, so it receive an ID for that year. > > Corresponding Red Hat bug: > > <https://bugzilla.redhat.com/show_bug.cgi?id=1036136> How is that a DOS? $TMPDIR/tmux-<uid> is merely a default, tmux allows users to override the socket path using the -S command line option. -- Guido Berhoerster
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ