Date: Thu,  3 Sep 2015 01:11:05 -0400 (EDT)
From: cve-assign@...re.org
To: fw@...eb.enyo.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: screen stack overflow (deep recursion)

Use CVE-2015-6806.

We feel that the CVE inclusion case for this issue might be marginal.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797624#5 says

  Hence this can be used to cause a denial of service attack by
  tricking a user into e.g. displaying a file with "cat" inside screen

For purposes of determining whether a vulnerability exists, we aren't
sure that a user is entitled to use cat on an untrusted file within an
arbitrary terminal-like program, and feel confident that a potentially
unwanted behavior is impossible. Maybe the user should be using
"cat -v" on untrusted files.

For example, suppose that the specific terminal-like program had this
potentially unwanted behavior:

    The font size is changed to something extremely small. The only
    way for the user to recover is to type (not paste) a complex
    fontsize-increase command code, and there is no way for the user
    to see what they are typing.

This might be considered a denial of service by the attacker who
constructs the untrusted file; however, we think it isn't necessarily
a vulnerability. The vendor might believe that this behavior is a bug
(or, conceivably, believe that it isn't a bug), without believing that
it violates any security expectations. There might be a hierarchy of
impacts, e.g.,

 -- executes arbitrary shell commands contained in the untrusted file
    (maybe everyone feels that this violates security expectations)

 -- stack overflow (probably almost everyone feels that this violates
    security expectations)

 -- enables command logging to a mode 0600 file, and in doing that can
    overwrite an existing log file (maybe most people feel that this
    violates security expectations)

 -- enables command logging to a mode 0600 file, and in doing that
    cannot overwrite a file (probably some people feel that this
    violates security expectations)

 -- changes the font size, leading to an inconvenience for the victim
    (possibly few people feel that this violates security
    expectations)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]