Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 Feb 2014 09:05:41 -0500 (EST)
From: cve-assign@...re.org
To: mmcallis@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com,
        739536@...s.debian.org
Subject: Re: xfe: directory masks ignored when creating new files on Samba and NFS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536

> From brief testing on Fedora with Samba and the "create mask" smb.conf 
> option, this issue only presented when running xfe as the root user. The 
> intended mask was used when running xfe as an unprivileged user.

This seems to be an implementation error. It seems extremely unlikely
that this type of product would want to provide "weaker than normal"
file restrictions only in the special case of files created by root.

Use CVE-2014-2079.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTC0/qAAoJEKllVAevmvms3wUIAMcSqFbqmazX+KGiKmLFovm6
sRzXXyn49eBJ59fabqQx6eE1As5GeUolx35N+oe7O+U+XwRHdxGLcp5KoL4cxigq
TVvsLqtJGMyVEXKPLlqWlXyCAMhdGL4VzYTvdqbR+e8aRyZGNPn0Mt5sQ3hf+xck
mMK0AGFdRp89pVraZALMXfY4r5z331TOOfWThPnMKbWa1NzNrfoBaqbamO8BiRNF
oy94rzrPNUfgu5mYvvZtQCKyFRQKr0eB3jkb0Bq8p+spSZvWKSV1sxZbxTU55izh
0FtWgEH3yYJGq2DBrSJl/O5Q2uqbO9vrU3TwNdWTTkChYvUAYMHVXtUbjP1cw5A=
=LIWq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ