oss-sec mailing list archives
Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free)
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 12 Nov 2013 11:13:14 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/12/2013 09:14 AM, Stefan Bühler wrote:
Hi, I'd like to request CVE ids for the following issues in lighttpd: 1. setuid/setgid/setgroups return values are not checked If setuid() fails for any reason (RLIMIT_NPROC) lighttpd runs as root. http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
Please
use CVE-2013-4559 for this issue.
2. If FAMMonitorDirectory fails, lighttpd reads a value from already free()d memory. http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
Please
use CVE-2013-4560 for this issue.
Both issues were found with clang static analyzer, so I assume the bad guys already know these. regards, Stefan
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSgm+6AAoJEBYNRVNeJnmTnVsP/1A9khbtz2dSTrCfO//ZrDag qF2BJokhILhkUtM4lAwHpIlbO/uVD5CLLR4Y8g6gilR2fQDWa9GU6xeoejgH60NQ ZM65qVNFYbPgx0j/anfTigzhiLiFqvYCpubdsp+s8FvBvVh07VXhVjxl1UJfT5cU m7ifw274qYtyXfu+3pLAGXqYST0onJ0oB1UA6iEuTZRU2nK7KNaEZXCFHhIiNqMR iMMFCoJERJyvXCgf19LEbjn0XFrwHW9Qbqm+jDVjh/xEDhg4SJJ59sUdODbOaEQI HQroJhfA1IWdKUPmVWe57WdPsTFYGpvB5R6P7i0y7zeeoTl1jGUnoIiaSS/t/+Yn kjpq4uqFbGa6BgC7s+hjloGk031zouIRQ8vZyt67fIWC8qU7IOH1qpUx8mRwfFtq 8smrDyWNPYEye3McYEw50GtSdrVy/EmCA+mClnskwY2GpcIPCK0X0OOzDrXgbbjC QSIKVcP/PuqTDA1JfiGYx6xq/KjtPSr5obJqQSH0sYoiIdMuBITIz8wsdOFOBhyo FoRy/c8nh8SFbxcolXpW/WCv/CYskVcOGClxXdsLEZ0tnvZUfTtNLeYcO/YfdN29 TWNcCX0l6RZyoz6L+sP94HGLP+PYhLjZiv8cXktnJzX+LIeI1wyvbHI6588OvpkE 0yYAJ1vStCWr3J5duQ1k =00La -----END PGP SIGNATURE-----
Current thread:
- CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) Stefan Bühler (Nov 12)
- Re: CVE Request: lighttpd multiple issues (setuid/... unchecked return value, FAM: read after free) Kurt Seifried (Nov 12)