oss-sec mailing list archives
Re: CVE id request: libc fortify source information disclosure
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 31 Aug 2010 16:02:14 -0400 (EDT)
I think this technically qualifies as an "exposure" which is the "E" in "CVE" - it can be used as a stepping stone for exploitation of another vulnerability. (Very old, unwieldy definitions here: http://cve.mitre.org/about/terminology.html)
The risk may be very minimal, but the FORTIFY_SOURCE protection mechanism is not working "as advertised" - it can be manipulated for an admittedly-small information leak.
Use CVE-2010-3192 for the issue.

- Steve

On Tue, 31 Aug 2010, Josh Bressers wrote:

> ----- "Nico Golde" <oss-security+ml () ngolde de> wrote:
>> Hi,
>> http://seclists.org/fulldisclosure/2010/Apr/399 did this ever get a CVE id? As this also works for setuid programs it would be nice to get one assigned and have this patched.
>
> Steve,
>
> What is MITRE policy on this one. By itself I question if this is a security flaw, but it also would appear to have the potential to turn a DoS into something worse. I'm not sure what policy is in this instance.
>
> Thanks.
>
> --
> JB