oss-sec mailing list archives
CVE id request: op
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sat, 12 Jul 2008 21:38:39 +0200
Hi, op, a replacement for sudo that is used to grant access to certain root operations to users suffers of a stack based buffer overflow because of missing bounds check of the XAUTHORITY variable used if op is configured with --enable-xauth and op.conf uses the xauth configuration option. Under a normal installation this tool runs with an effective user id 0 so it is possible to exploit this and get more privileges or execute arbitrary code with root privileges. Fixed upstream changeset: http://swapoff.org/changeset/563 Steve, could you assign a CVE id to this? Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: op Nico Golde (Jul 12)
- Re: CVE id request: op Steven M. Christey (Jul 18)