oss-sec mailing list archives
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 01 Apr 2009 14:15:17 +0200
Hello Steve, On Tue, 2009-03-31 at 21:12 -0400, Steven M. Christey wrote:
On Wed, 25 Mar 2009, Jan Lieskovsky wrote:1, zsh Stack-based buffer overflow due improper escaping of the '!' character References: https://bugs.launchpad.net/ubuntu/+source/zsh/+bug/333722 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521108 https://bugzilla.redhat.com/show_bug.cgi?id=492089This doesn't seem like a vulnerability to me. It's only executable in interactive mode. If the attacker can already type in commands, then they already have the privileges to execute code.
Fair enough.
2, XFree86-xfs / xorg-x11-xfs Unsafe usage of temporary file References: https://bugs.launchpad.net/ubuntu/+source/xfs/+bug/299560 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107 https://bugzilla.novell.com/show_bug.cgi?id=408006 https://bugzilla.redhat.com/show_bug.cgi?id=492098Is this a regression of CVE-2007-3103 (DEBIAN:DSA-1342) or is there something else going on here?
Yeah, this is CVE-2007-3103.
3, screen: Unsafe usage of temporary file References: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 https://bugzilla.redhat.com/show_bug.cgi?id=492104CVE-2009-1214 - world-readable permissions CVE-2009-1215 - symlink following
Thanks. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
- Steve ====================================================== Name: CVE-2009-1214 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1214 Reference: MLIST:[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/25/7 Reference: MISC:http://savannah.gnu.org/bugs/?25296 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=492104 GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. ====================================================== Name: CVE-2009-1215 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1215 Reference: MLIST:[oss-security] 20090325 CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/25/7 Reference: MISC:http://savannah.gnu.org/bugs/?25296 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=492104 Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
Current thread:
- Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Jan Lieskovsky (Apr 01)