Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Mar 2016 13:04:50 +0100
From: Salva Peiró <speirofr@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: The minissdpd (v 1.2.20130907-3) is affected by an
 improper validation of array index weakness

Hi everyone,

A vulnerability in the minissdpd daemon has been found that affects
minissdpd version 1.2.20130907-3 available in Debian and Ubuntu.
The vulnerability can be exploited by a local unprivileged user
with write access to /var/run/minissdpd.sock to crash the minissdpd
daemon that runs with superuser privileges.

More details at:
https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=minissdpd;dist=unstable.

Is there a CVE for this? If not, could one be assigned, please?

Regards,
Salva Peiró

--
Salva Peiró @ https://speirofr.appspot.com
CS Researcher & Software Engineer
Universitat Politècnica de València, Spain.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ