Date: Tue, 16 Jun 2015 17:06:24 -0400 (EDT)
From: cve-assign@...re.org
To: walters@...bum.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, mitr@...hat.com
Subject: Re: CVE request for polkit

>> https://bugs.freedesktop.org/show_bug.cgi?id=90837
>> https://bugs.freedesktop.org/show_bug.cgi?id=90832

This can have a single CVE ID, CVE-2015-4625.

> this
> approach passes through the uid of the caller from the setuid binary,
> ensuring that we only look up `AuthenticationAgent`s that were created
> by a matching uid.

With only this change, the original report of "another process can
generate 2^32 authentication sessions and just disconnect immediately.
The counter gets incremented but the cookies never get removed from
the list, until eventually counter wraps and a second cookie is
minted." would still be considered an implementation error, but it
could no longer be considered "exploitable" in the context of the
current polkit security model. In other words, because the two
concerns (90832 and 90837) are not independent vulnerabilities, there
should not be two CVE IDs.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
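
The counter wrap and the uid-matched lookup discussed in the message above, as an added example that is not part of the original message and is not polkit code. It is a scaled-down C model: a 16-bit counter stands in for the 32-bit one, and the names `begin_session`, `find_session`, `run_model` and the uids 1000, 1001 and 1002 are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not polkit code. A 16-bit counter stands in for the
 * 32-bit one in the report so the wrap is reached after 65536 sessions. */
#define COOKIE_SPACE 65536L
struct session { uint16_t cookie; unsigned uid; };

static struct session sessions[COOKIE_SPACE + 8]; /* entries are never removed */
static long n_sessions;
static uint16_t cookie_counter;

/* Mint a cookie from the bare counter and record which uid asked for it. */
static uint16_t begin_session(unsigned uid)
{
    uint16_t cookie = cookie_counter++;            /* wraps to 0 after 65535 */
    sessions[n_sessions++] = (struct session){ cookie, uid };
    return cookie;
}

/* Index of the first session matching the cookie, or -1.
 * check_uid = 0 models lookup by cookie alone; check_uid = 1 models the
 * quoted change, where the caller's uid has to match as well. */
static long find_session(uint16_t cookie, unsigned caller_uid, int check_uid)
{
    for (long i = 0; i < n_sessions; i++) {
        if (sessions[i].cookie != cookie) continue;
        if (check_uid && sessions[i].uid != caller_uid) continue;
        return i;
    }
    return -1;
}

/* uid 1001 opens one session per counter value and abandons them all,
 * then uid 1000 opens one. Returns the cookie that uid 1000 receives. */
static uint16_t run_model(void)
{
    n_sessions = 0;
    cookie_counter = 0;
    for (long i = 0; i < COOKIE_SPACE; i++)
        begin_session(1001);
    return begin_session(1000);
}

int main(void)
{
    uint16_t c = run_model();
    printf("cookie %u: by cookie -> %ld, by cookie+uid 1000 -> %ld\n",
           (unsigned)c, find_session(c, 0, 0), find_session(c, 1000, 1));
    return 0;
}
```

In the model the duplicate cookie still exists after the uid check is added; the check only stops a lookup from resolving to a session created under a different uid.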