Date: Mon, 6 Oct 2014 02:43:18 -0400 (EDT) From: cve-assign@...re.org To: krahmer@...e.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, mbriza@...hat.com Subject: Re: various sddm vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > From: mbriza@...hat.com > Although we don't believe any of the issues you reported could lead to > a privilege escalation (as some of the resulting bugreports suggest), > we consider them to be security issues. > https://github.com/sddm/sddm/pull/279 > https://bugzilla.suse.com/show_bug.cgi?id=897788#c6 > sddm user is not available for choosing in the first place As far as we can tell, the vendor considers it a vulnerability for unauthenticated logins as sddm to succeed, so we'll assign CVE-2014-7271. The conditions under which this can happen are not clear; maybe one or more of these is true: - sddm is a regular user account, not a uid-below-1000 account, on some systems because a Linux distribution is allowed to customize the sddm account name in its own sddm package - sddm is a regular user account, not a uid-below-1000 account, on some systems because that username was in use before sddm was installed - there's a way to choose to login as sddm even if sddm isn't on the list of users > https://bugzilla.suse.com/show_bug.cgi?id=897788#c7 > https://bugzilla.suse.com/show_bug.cgi?id=897788#c8 > https://bugzilla.suse.com/show_bug.cgi?id=897788#c9 > https://github.com/sddm/sddm/pull/280 Apparently the primary problem is unsafe write operations into a directory that's completely controlled by a unprivileged user. (The chown is, in some sense, a write operation on security-relevant file metadata.) Use CVE-2014-7272 for all of these three. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUMjmKAAoJEKllVAevmvmsyBcH/RNiNIUywq9yYODGZ1/2bPWU acu4SMFvHtZ0eP26c1KYq5R7WJG/3TQwCz9OdA1SjfxcIwnBGNFOd+f85SA95v/t QVS7kLmGZQ74Z+zd+WQBDd5HNIQRpz3hJM1ppIMDwQY3xgulRN71GUKI/IRNVAL/ cxIxHnhqPWoO7Uc0+3IRZkp7fJ07+NQZreaUMxBZWYe/hE5tJXxhQIM+wuFJ0XEs DMjs2gRspQQiv2TRQX1S09vg7oVdrgTIkJPJsVPqqzMBjq6mMYIIj/yuKiU8pel+ EMBZtSedbJESOawciOKsrFLJ1ZaYGydOhKFBhu4DHAf1FXl7Ii+h8QDeOOSF+5M= =GZYa -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.