oss-sec mailing list archives
Re: CVE request: oping allows the disclosure of arbitrary file contents
From: Josh Bressers <bressers () redhat com>
Date: Thu, 15 Oct 2009 10:36:41 -0400 (EDT)
----- "Steve Kemp" <steve () steve org uk> wrote:
oping is setuid root application and one of the command line arguments allows a configuration file to be specified. This file is read and *reported* to the console - Unless the file is lucky enough to look like a list of hostnames. Brief details here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684
I've not found a CVE id for this anywhere, so here goes: CVE-2009-3614 oping arbitrary local file disclosure Thanks. -- JB
Current thread:
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)