Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 14 Jan 2016 22:57:20 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> CVE request (one is the problem, the other the fix):
> 
> https://github.com/openshift/origin/issues/6556
> https://github.com/openshift/origin/pull/6576
> 
> You can modify a build so that it escalates privileges when built, you
> can't build it yourself (that fails) but if the imagestream trigger is used
> then it would build and you'd have escalated privileges.

>> pkg/build/admission/admission.go
>> 
>> -  Handler: admission.NewHandler(admission.Create),
>> +  Handler: admission.NewHandler(admission.Create, admission.Update),

Use CVE-2016-1906.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWmGzAAAoJEL54rhJi8gl5RsoP/0XiA5NuaONohleODumNEtnk
vBX0Qs7kI3OngNJl1CVodLum+1dO90ngGwRpvVb7LgFnX780f/buOYlKeLOhHOdz
MxjqjkvL9krDTcOXiTc2IUcYchLJCeVmxCHlDA6dzvhNukThKidbmKOWCQkXYJXE
q+75TzXB14zxl4zTTjnw0Q5H1mI0itNbPby1+wTWI1Tq99Wximw4c729VFj161eW
OSnqNQk44j6FlDp6QINoYM+njHphcl/1rJm9J+Qfx9s0Z06Flaig7q89FQ5F5WFO
W2hwAuFhbo+mk1utxzCk+Z4Uh2dUOW86WFrGLd9nx/W4GYrkRekkdSyx8aBKPwy4
aQhV/cZy4IrKd3WJz2J+ivrbbpg1+UwGnZd8oUyLhw+9GoGyY8it9C3iNgTQEbPL
995s2wPIWsZAVAUX/lb11x1NqfDJ5JKR3UJr4MypEaXyz2nM/A/eDEMyEaJkfrzj
/rlmuCeQLwZZ70I+ELz65qPQFI14lFDGQN6QNVL0NM6fNqUol6e85GKH6nuAiuJY
htOPFSAEaQ4Of92gj1V15o6ZqlGfr8LApkZIadqmFlATSijn3aZ/KB85Pl3Y+vdf
JXTkuC+aVKoUvnP4RCk4wbxEwEyeSix1KsHfpb+8nozvy/fmdlA3SRfJTUTtyakw
3KIccaubTIANgI7hO226
=riuw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ