Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Jul 2014 13:32:50 +0200
From: intrigeri <intrigeri@...m.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE's for intersection vulnerabilities

Hi,

Kurt Seifried wrote (19 Jul 2014 00:33:38 GMT) :
> So long story short: we have a program called sosreport that is used
> to send system information back to Red Hat so we can help customers
> troubleshoot their problems. It would appear we have three main
> classes of (potential) security vulnerabilities:

The severity of these potential vulnerabilities may partly depend on
how well sosreport authenticates the server it sends information to.

Cheers,
--
intrigeri

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ