Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 17 Nov 2016 18:28:44 -0500
From: <cve-assign@...re.org>
To: <fernando@...l-life.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<chet.ramey@...e.edu>
Subject: Re: bash - popd controlled free

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> popd can be tricked to free a user supplied address in the following way:
> 
> $ popd +-111111

> Program received signal SIGSEGV, Segmentation fault.
> 0x0827f93a in popd_builtin (list=<optimized out>) at ./pushd.def:384
> 384          free (pushd_directory_list[i]);

> This could be used to bypass restricted shells (rsh) on some
> environments to cause use-after-free.

Use CVE-2016-9401.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYLjy/AAoJEHb/MwWLVhi2P8QQAKfY3sVxQ/vVBeiKqG+c61Jb
l+HoVjuWR+OOFjJ/ugbeaSE1dYFCoQzoVx+/b4nhP4sNiZExs+Odj/A2cGCr6oAj
1p9do/oEm7pE/n3VAhpqoLxnOflWvk/AOSLcR5kv2IyZWQxq/htBxdzuzdN3cdoz
4L98GPPCAnF8rhHrHiLRfkDCiC5HbzfPouL9LegUYjHAVwE6IvW+Ckoqx6fX6Diw
iXahNo0Rw4TR1HgGcp46AiThY98g1K2EeaAaz+bVNmnvX3jc+VTNkd2BMDj+QKJf
g39zYpP5BDsPhgvJHT65gqnbiWbHP6SnrANgxR7n8W/WKm+X7NAoPCfsYj1OQ3Wd
Q7UULEYZneqBwXmVrSD4IORTdOLEW1yL7FSfa6lKYpe33R32MTgOCu4oJNLWBzGy
KtpPioEahBbNX+QeyEH7wDPILWn/KitZR5WIn/wfas84Z8Tfdb1EEyIq6V6J4NA9
7IXDnwBWTG6Ipu0+VsiL2uvUUTjgiUZAo97YKblYyZmkVMKKG4Cg3CheciPbgVf8
2qpEsc4ROKjZ0Y+KWP7yI8IfUQxvtw/mAiVIJds7D092VeM/EIbXlqT2kWc1g7nA
47f94cLsskul95GeCyqZTidMMfTF+pu3RIJS8npWYXoCeh5qfFArTjsNgk2SqIHA
HrJRIk35K2RgXQ3g6jFT
=zUdd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ