Date: Thu, 3 Sep 2015 01:11:05 -0400 (EDT) From: cve-assign@...re.org To: fw@...eb.enyo.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: screen stack overflow (deep recursion) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Use CVE-2015-6806. We feel that the CVE inclusion case for this issue might be marginal. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797624#5 says Hence this can be used to cause a denial of service attack by tricking a user into e.g. displaying a file with "cat" inside screen For purposes of determining whether a vulnerability exists, we aren't sure that a user is entitled to use cat on an untrusted file within an arbitrary terminal-like program, and feel confident that a potentially unwanted behavior is impossible. Maybe the user should be using "cat -v" on untrusted files. For example, suppose that the specific terminal-like program had this potentially unwanted behavior: The font size is changed to something extremely small. The only way for the user to recover is to type (not paste) a complex fontsize-increase command code, and there is no way for the user to see what they are typing. This might be considered a denial of service by the attacker who constructs the untrusted file; however, we think it isn't necessarily a vulnerability. The vendor might believe that this behavior is a bug (or, conceivably, believe that it isn't a bug), without believing that it violates any security expectations. There might be a hierarchy of impacts, e.g., -- executes arbitrary shell commands contained in the untrusted file (maybe everyone feels that this violates security expectations) -- stack overflow (probably almost everyone feels that this violates security expectations) -- enables command logging to a mode 0600 file, and in doing that can overwrite an existing log file (maybe most people feel that this violates security expectations) -- enables command logging to a mode 0600 file, and in doing that cannot overwrite a file (probably some people feel that this violates security expectations) -- changes the font size, leading to an inconvenience for the victim (possibly few people feel that this violates security expectations) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJV59XEAAoJEL54rhJi8gl5UOAQALKk4xHSoN22cxkD7OH5KGTX rYFiL+z0UsHXOP3ZY4HMQss5F7LPawlLcobqsHI0UMPsj08VNizwtO/S0Hqg8NJt uvm/0DKQB35pinXBueu9hQYw9Le2LHXCOE/whAfDjfXcpxE+YB+HUmLhIC/g59zT 11nL7sGvZZUVdKqcYi0EPsNsZGr5mIHgWJHQgDAGqoZvvPLuKpHV51Q1xC3W5YdO WSOhbpZcJKYR6l/OT4BNc1ooxDow7KT6KkMRb0xKj3e3QvxuuUZTRjXMfPmsrQiV dMro5XDQleJBq0paIoFO/3F9coc9YThFzs+iONW/TRT7pV8j4LrV5/KNqHES/WmZ 6OKvFbnzEloqa0fO5zhFH3zqk1W7pKpoo5HirsmFz3jj/MUKUFQU/Gp3TpHqRtpF CxJlCjw1wNn5kNpCF5+W/RQ/5AAguDoFeh67/hCY/ZBlCkYuWrCoCJGO+b8UJs2r GfGfkwMr/z+89WPsqRnsaM71orNjcdoJ6hIQz9Igf+gWmO28HMbCvlNgMU+yQIle 2FHIr7p1WxVKaL9SvuNaZtHi62Z+9cvEe5PCoVu/E6WWXvqZvXFJybSbDV5nZ6pQ pQZgQnOzmAaEgiZ5QumtFgfGnnsvJ/xNS5FTX8K59WkKD51RIPDJxdl7Gx7TnBcs 6msFm1BHOfC2cV99NVtj =kMUn -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.