oss-sec mailing list archives

Re: CVE request: oping allows the disclosure of arbitrary file contents

From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 16 Oct 2009 23:08:44 -0400 (EDT)


On Fri, 16 Oct 2009, Josh Bressers wrote:

----- "Julien Tinnes" <julien.tinnes () gmail com> wrote:

I took a look in the oping source. Without another security flaw, this
is just a bug, oping doesn't do anything while still root that could be
an issue. I agree that it should be fixed, it is a serious bug, but an
attacker cannot do anything nefarious with this flaw.


I agree with Josh, this would argue for *not* assigning a CVE, even though
it's a serious bug.

- Steve

Current thread:

Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 15)
  - Re: CVE request: oping allows the disclosure of arbitrary file contents Julien Tinnes (Oct 15)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Oct 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Oct 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents yersinia (Oct 17)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents security curmudgeon (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 09)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Steven M. Christey (Nov 09)
- Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 16)
  - Re: CVE request: oping allows the disclosure of arbitrary file contents Josh Bressers (Nov 16)
    - Re: CVE request: oping allows the disclosure of arbitrary file contents Tomas Hoger (Nov 17)