Date: Tue, 21 Jun 2011 10:51:51 +0200 From: Ludwig Nussel <ludwig.nussel@...e.de> To: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Jan Lieskovsky wrote: > Hello Josh, Steve, vendors, > > based on Debian BTS report: >  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843 > (first CVE-2011-XXYY required for Debian case) > > looked more into original report: >  https://bugzilla.redhat.com/show_bug.cgi?id=173008 > > and the first paragraph of  suggests: > "When starting a program via "su - user -c program" the user session > can escape to the parent session by using the TIOCSTI ioctl to push > characters into the input buffer. This allows for example a non-root > session to push "chmod 666 /etc/shadow" or similarly bad commands into > the input buffer such that after the end of the session they are > executed." > > this should get a CVE-2005-YYZZ CVE id. > > Could you allocate these? ping! :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.