oss-sec mailing list archives
Re: CVE requests: opie off by one and setuid() failure
From: Vasiliy Kulikov <segoon () openwall com>
Date: Wed, 22 Jun 2011 18:33:56 +0400
Hi, On Wed, Jun 22, 2011 at 16:28 +0200, Sebastian Krahmer wrote:
Can someone assign 2 CVE's for a off by one in opiesu and a missing setuid() retval check in opielogin which leads to easy root compromise? Reviewed opie-2.4. Patches are available here: https://bugzilla.novell.com/show_bug.cgi?id=698772
I don't see memory zeroing before strcat(): argvbuf[0] = 0; Probably it is not spotted as it is the first malloc(), but it is a bug. Thanks, -- Vasiliy
Current thread:
- CVE requests: opie off by one and setuid() failure Sebastian Krahmer (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Vasiliy Kulikov (Jun 22)
- Re: CVE requests: opie off by one and setuid() failure Josh Bressers (Jun 23)