oss-sec mailing list archives
CVE Request: adequate: privilege escalation via tty hijacking
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 28 Nov 2013 12:41:49 +0100
Hi Kurt, I would like to request a CVE for an issue with 'adequate': http://bugs.debian.org/730691 (adequate: privilege escalation via tty hijacking): ----cut---------cut---------cut---------cut---------cut---------cut----- Package: adequate Version: 0.4 Severity: serious Tags: security Justification: user security hole If root uses the --user option, then the user can hijack the tty with the TIOCSTI ioctl. This is similar to CVE-2005-4890. -- Jakub Wilk ----cut---------cut---------cut---------cut---------cut---------cut----- Fix for this was commited at: https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee Could a CVE be assigned to this issue? Regards, Salvatore
Current thread:
- CVE Request: adequate: privilege escalation via tty hijacking Salvatore Bonaccorso (Nov 28)
- Re: CVE Request: adequate: privilege escalation via tty hijacking Kurt Seifried (Nov 29)