Date: Wed, 6 May 2015 11:43:03 -0400 (EDT) From: cve-assign@...re.org To: misc@...b.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Local privileges escalation in rubygem open-uri-cached -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > open-uri-cached, a rubygem that will cache downloaded data when using > open-uri, is susceptible to a local attack It appears that the critical issue you've identified is execution of code found in an untrusted location under /tmp. Use CVE-2015-3649. In most cases, this specific class of /tmp misuse issues is unrelated to Symlink Following. However, when such an issue exists, it is conceivable that a Symlink Following vulnerability also exists, could be fixed independently, and would be of interest to an attacker who has a goal of overwriting a file rather than directly executing code. The MITRE CVE team has not done any original research to check for a Symlink Following vulnerability. If a Symlink Following vulnerability were to exist, it would not be within the scope of CVE-2015-3649. Also, the message refers to "usage of YAML in a insecure way." We have not done any original research to determine whether, in a scenario where the "untrusted location under /tmp" were no longer used, a YAML-related vulnerability would still be exploitable. If an independent "YAML misuse" vulnerability were to exist, it would not be within the scope of CVE-2015-3649. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVSjYYAAoJEKllVAevmvmsBc0H/1rb5MtLd0UXcNc1Ez6dL3dC tLUB6CrujIs3yp5ynaNsg6b2cmBoF6GxGRTB4ea4Lg9n4Bv/Ovr6u1aRhtx1gz1f XtlPnlO4nOzC1Kh9aOa33SvxiRqUw+Ch7G4Vi9tAHYxaxBFH9DGhEvYCC3KWQ4Za dSMirU3CfkNIywwp3xzAAltXy/tg4VXq4tM0x6j9KK2URhaPJuNVcZDsp12OSpDO umhE3JJY0FL5eY1QD6YjbyrZbDe7HxjxjhpdpPV8Jh1qcdsttiY1vYq/CQWSwmDu v/4GfZjw7pR3Bh0uBfVgZ2CmmnWNFCgX2ECWH8D6Nyfy2Im5vG16eFE45ANtRkY= =NJDF -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ