Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 May 2015 15:51:57 +0900
From: Mamoru TASAKA<mtasaka@...oraproject.org>
To: "oss-security@...ts.openwall.com"<oss-security@...ts.openwall.com>
Cc: "mtasaka@...oraproject.org kseifried@...hat.com secalert@...hat.com"<mtasaka@...oraproject.org.kseifried@...hat.com.secalert@...hat.com>
Subject: CVE request for proxychains-ng : current path as the first directory for
 the library search path

Dear All:

Here I submit a CVE request for proxychains-ng as it is requested as
below.

Sincerely yours,
Mamoru TASAKA <mtasaka@...oraproject.org>


------- Forwarded Message
Date :Mon, 11 May 2015 23:49:57 -0600
>From :kseifried@...hat.com
Subject :Re: bug 1147013 : current path as the first directory for the library search path

----
On 05/11/2015 11:27 PM, Mamoru TASAKA wrote:
> Dear security responsible team:
> 
> Please correct me if it is not suitable to contact you for the below case.
> I am currently reviewing new package's "Review Request" for
> proxychains-ng as
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1147013
> 
> Source available as
> https://github.com/rofl0r/proxychains-ng
> 
> Rebuilt proxychains-ng binary.rpm contains proxychains4,
> which firstly sets LD_PRELOAD to dlopen libproxychains4.so
> (contained in the same binary rpm) and execvp() the arbitrary
> command user has specified.
> 
> Looking at the code, this program (proxychains4) sets the current
> directory as the first path to search libproxychains4.so. ref:
> 
> https://github.com/rofl0r/proxychains-ng/blob/master/src/main.c#L35
> 
> I would appreciate it if you would answer to me if this
> is permitted from the viewpoint of security.
> 
> Sincerely yours,
> Mamoru TASAKA 

This is def a security flaw, similar to CVE-2009-0415 for example. Can
you please post a copy of this to oss-security@...ts.openwall.com
requesting a CVE # for this vulnerability? Also please use
secalert@...hat.com in future, it has a response SLA, this email address
does not. Thanks!


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


Download attachment "signature.asc" of type "application/pgp-signature" (855 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ