Date: Tue, 12 May 2015 15:51:57 +0900 From: Mamoru TASAKA<mtasaka@...oraproject.org> To: "oss-security@...ts.openwall.com"<oss-security@...ts.openwall.com> Cc: "mtasaka@...oraproject.org kseifried@...hat.com secalert@...hat.com"<mtasaka@...oraproject.org.kseifried@...hat.com.secalert@...hat.com> Subject: CVE request for proxychains-ng : current path as the first directory for the library search path Dear All: Here I submit a CVE request for proxychains-ng as it is requested as below. Sincerely yours, Mamoru TASAKA <mtasaka@...oraproject.org> ------- Forwarded Message Date :Mon, 11 May 2015 23:49:57 -0600 >From :kseifried@...hat.com Subject :Re: bug 1147013 : current path as the first directory for the library search path ---- On 05/11/2015 11:27 PM, Mamoru TASAKA wrote: > Dear security responsible team: > > Please correct me if it is not suitable to contact you for the below case. > I am currently reviewing new package's "Review Request" for > proxychains-ng as > > https://bugzilla.redhat.com/show_bug.cgi?id=1147013 > > Source available as > https://github.com/rofl0r/proxychains-ng > > Rebuilt proxychains-ng binary.rpm contains proxychains4, > which firstly sets LD_PRELOAD to dlopen libproxychains4.so > (contained in the same binary rpm) and execvp() the arbitrary > command user has specified. > > Looking at the code, this program (proxychains4) sets the current > directory as the first path to search libproxychains4.so. ref: > > https://github.com/rofl0r/proxychains-ng/blob/master/src/main.c#L35 > > I would appreciate it if you would answer to me if this > is permitted from the viewpoint of security. > > Sincerely yours, > Mamoru TASAKA This is def a security flaw, similar to CVE-2009-0415 for example. Can you please post a copy of this to oss-security@...ts.openwall.com requesting a CVE # for this vulnerability? Also please use secalert@...hat.com in future, it has a response SLA, this email address does not. Thanks! -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Download attachment "signature.asc" of type "application/pgp-signature" (855 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ