Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Jan 2017 22:20:58 -0500
From: <cve-assign@...re.org>
To: <dmoppert@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: two flaws in hesiod permitting privilege elevation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] Weak SUID check allowing privilege elevation
> 
> Hesiod unsafely checks EUID vs UID in a few places, consulting
> environment variables for configuration if they match. This could be
> used for privilege elevation under some circumstances. The fix uses
> secure_getenv() in place of getenv().
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1332508
> https://github.com/achernya/hesiod/pull/9

Use CVE-2016-10151.


> [] Use of hard-coded DNS domain if configuration file cannot be read
> 
> If opening the configuration file fails, hesiod falls back on a default
> domain ".athena.mit.edu" to retrieve managed information. A local
> attacker with the opportunity to poison DNS cache could potentially
> elevate their privileges to root by causing fopen() to fail.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1332493
> https://github.com/achernya/hesiod/pull/10

Use CVE-2016-10152.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYgtL0AAoJEHb/MwWLVhi2PDQQAJdi7nsPsB1xxrd++RQ2UUMW
L7cvq12NOEPommq0pLUjPYWM2/IqOGj56H7HSJIyBEtw+knSXM5xMUpKbdSbwa2N
gVNVcw+wu5fHQkGUzJJ0rvwsQANZDATb0NDpp1GCzSdc90V08Jok80QOlCm7FUY3
TvqefiuQBcGtF45nhPm7x2NRVkQbeU4t7ewOofBdRpRidbzHHxLC0ts0gBmZpEAR
CCv+fKOO1dLY2PIk/+jo7qczV1oqvrIgetQE9dZHp+p01NsHLdKg+Uge7/sK9k5F
dp6Zqf+Upzfg78II9cAZJwpWTOyd8zFyQRvtp82qz3DH74c2u1/lgVH2VqZtLIWn
XLoZxhKLjL/ADM9QvJFvqEIrs7nC0QGJrgoQpihGohszGTtt3l3k+b6DmPt28OIn
clgHS4z1quEqJT/YKHaFfbDVyLqjWvRQXFo4YfAUtHXur4SNzXBKy3VnPssmw+Kd
jL4gYvzrTJRlV0cG2wvHEAMb9yqTAtqPCVU7ujS+sosfBN8ADvALuQ0U9ag1JW9Q
1oSq/mQ1ZKi+07Y6GiCQBflkIYM7EIKIHQJDj2DrtZc3gM5W4ee6ilpQ83ZdJduE
JJRmwqbPwsxq4q5L2mqslIfklmUR+Fatodji7bbXpxHjqiafBXR8UdDNx+L3x0fp
bMErFJVq6SNHHilpwa6a
=J/Hc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.