Date: Thu, 17 Apr 2014 08:01:46 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password On 14-04-17 07:39 AM, Marc Deslauriers wrote: > Hello, > > From the Red Hat bug: > A stack-based buffer overflow was found in systemd-ask-password, a utility used > to query a system password or passphrase from the user, using a question message > specified on the command line. A local user could this flaw to crash the binary > or even execute arbitrary code with the permissions of the user running the program. > > Bug report: > https://bugzilla.redhat.com/show_bug.cgi?id=1084286 > > Fix: > http://cgit.freedesktop.org/systemd/systemd/commit/?id=036eeac5a1799fa2c0ae11a14d8c667b5d303189 > > Could a CVE please be assigned to this issue? Actually, never mind that request...crashing your own prompt isn't a security issue. Marc.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ