Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 14 Jan 2016 22:57:20 -0500 (EST)
From: cve-assign@...re.org
To: kseifried@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for Kubernetes api server: build config to a strategy that isn't allowed by policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> CVE request (one is the problem, the other the fix):
> 
> https://github.com/openshift/origin/issues/6556
> https://github.com/openshift/origin/pull/6576
> 
> You can modify a build so that it escalates privileges when built, you
> can't build it yourself (that fails) but if the imagestream trigger is used
> then it would build and you'd have escalated privileges.

>> pkg/build/admission/admission.go
>> 
>> -  Handler: admission.NewHandler(admission.Create),
>> +  Handler: admission.NewHandler(admission.Create, admission.Update),

Use CVE-2016-1906.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWmGzAAAoJEL54rhJi8gl5RsoP/0XiA5NuaONohleODumNEtnk
vBX0Qs7kI3OngNJl1CVodLum+1dO90ngGwRpvVb7LgFnX780f/buOYlKeLOhHOdz
MxjqjkvL9krDTcOXiTc2IUcYchLJCeVmxCHlDA6dzvhNukThKidbmKOWCQkXYJXE
q+75TzXB14zxl4zTTjnw0Q5H1mI0itNbPby1+wTWI1Tq99Wximw4c729VFj161eW
OSnqNQk44j6FlDp6QINoYM+njHphcl/1rJm9J+Qfx9s0Z06Flaig7q89FQ5F5WFO
W2hwAuFhbo+mk1utxzCk+Z4Uh2dUOW86WFrGLd9nx/W4GYrkRekkdSyx8aBKPwy4
aQhV/cZy4IrKd3WJz2J+ivrbbpg1+UwGnZd8oUyLhw+9GoGyY8it9C3iNgTQEbPL
995s2wPIWsZAVAUX/lb11x1NqfDJ5JKR3UJr4MypEaXyz2nM/A/eDEMyEaJkfrzj
/rlmuCeQLwZZ70I+ELz65qPQFI14lFDGQN6QNVL0NM6fNqUol6e85GKH6nuAiuJY
htOPFSAEaQ4Of92gj1V15o6ZqlGfr8LApkZIadqmFlATSijn3aZ/KB85Pl3Y+vdf
JXTkuC+aVKoUvnP4RCk4wbxEwEyeSix1KsHfpb+8nozvy/fmdlA3SRfJTUTtyakw
3KIccaubTIANgI7hO226
=riuw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.