oss-sec mailing list archives
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 31 Mar 2009 21:12:25 -0400 (EDT)
On Wed, 25 Mar 2009, Jan Lieskovsky wrote:

> 1, zsh Stack-based buffer overflow due to improper escaping of the '!' character
>
>    References:
>    https://bugs.launchpad.net/ubuntu/+source/zsh/+bug/333722
>    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521108
>    https://bugzilla.redhat.com/show_bug.cgi?id=492089

This doesn't seem like a vulnerability to me. It's only executable in interactive mode. If the attacker can already type in commands, then they already have the privileges to execute code.

> 2, XFree86-xfs / xorg-x11-xfs Unsafe usage of temporary file
>
>    References:
>    https://bugs.launchpad.net/ubuntu/+source/xfs/+bug/299560
>    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
>    https://bugzilla.novell.com/show_bug.cgi?id=408006
>    https://bugzilla.redhat.com/show_bug.cgi?id=492098

Is this a regression of CVE-2007-3103 (DEBIAN:DSA-1342) or is there something else going on here?

> 3, screen: Unsafe usage of temporary file
>
>    References:
>    https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
>    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
>    https://bugzilla.redhat.com/show_bug.cgi?id=492104

CVE-2009-1214 - world-readable permissions
CVE-2009-1215 - symlink following

- Steve

======================================================
Name: CVE-2009-1214
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1214
Reference: MLIST:[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen
Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/25/7
Reference: MISC:http://savannah.gnu.org/bugs/?25296
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=492104

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

======================================================
Name: CVE-2009-1215
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1215
Reference: MLIST:[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen
Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/25/7
Reference: MISC:http://savannah.gnu.org/bugs/?25296
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=492104

Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
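
Added example, not part of the original message and not GNU screen's code: one way to open a fixed-name exchange file in a shared directory so that neither of the two conditions described in CVE-2009-1214 and CVE-2009-1215 applies. The function names `open_exchange_file` and `fd_mode` are hypothetical, and the scratch directory in `main` is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a fixed-name exchange file for writing. Returns an fd, or -1 if the
 * path is a symlink, FIFO or device, is hard-linked, or is not owned by us. */
int open_exchange_file(const char *path)
{
    struct stat st;
    /* O_EXCL refuses any existing entry, including a dangling symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0 && errno == EEXIST)  /* reuse: no O_CREAT and no O_TRUNC yet */
        fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                  /* ELOOP: the final component is a symlink */
    /* Validate the opened object through the fd, never through the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        fchmod(fd, 0600) != 0 ||    /* owner-only, whatever the umask was */
        ftruncate(fd, 0) != 0) {    /* truncate only after the checks pass */
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of an open fd, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    char dir[] = "/tmp/exchange-demo-XXXXXX";  /* constructed scratch directory */
    char file[64], planted[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(file, sizeof file, "%s/screen-exchange", dir);
    snprintf(planted, sizeof planted, "%s/planted", dir);
    if (symlink("/nonexistent/target", planted) != 0) return 1;
    int fd = open_exchange_file(file);
    printf("regular file: fd=%d mode=%04o\n", fd, (unsigned)fd_mode(fd));
    printf("pre-existing symlink: %d\n", open_exchange_file(planted));
    return 0;
}
```

The checks run on the descriptor returned by `open`, so the file that is validated is the same object that is later written, which is what closes the race window between check and use.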