Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 05 Jun 2014 13:40:02 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
CC: Daiki Ueno <dueno@...hat.com>
Subject: [CVE request] Local privilege escalation in libfep

It was discovered that libfep uses UNIX domain sockets in the abstract 
namespace in an insecure way.  As a result, unprivileged local users 
were able to inject commands into running fep sessions of other users.

The upstream fix simply removes abstract namespace support, using a 
restricted directory to host the UNIX domain socket instead:

https://github.com/ueno/libfep/commit/293d9d3f

Abstract namespace support was introduced in this commit:

https://github.com/ueno/libfep/commit/5a170323

This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable, 
and 0.1.0 has the fix.

-- 
Florian Weimer / Red Hat Product Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.