oss-sec mailing list archives
Re: CVE request: tmux local denial of service (2009)
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 09 Jan 2014 20:06:16 +0100
On 01/09/2014 07:44 PM, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1allows users to override the socket path using the -S command line option.We'd like to consider this ineligible for a CVE unless there's new information. In many cases, "ability to cause an inconvenience" is not sufficient for a CVE assignment. The nature of the application apparently makes it unlikely that this would, for example, disrupt unattended root-executed scripts that have a hardcoded tmux command line.
I reported this here because tmux is sometimes used to start servers on system boot:
http://unix.stackexchange.com/questions/71372/using-tmux-on-boot-up-of-linux-centos http://askubuntu.com/questions/62434/why-does-upstart-keep-respawning-my-process https://bowerstudios.com/node/953 http://code.google.com/p/webrtc2sip/issues/detail?id=80 -- Florian Weimer / Red Hat Product Security Team
Current thread:
- CVE request: tmux local denial of service (2009) Florian Weimer (Jan 09)
- Re: CVE request: tmux local denial of service (2009) Guido Berhoerster (Jan 09)
- Re: CVE request: tmux local denial of service (2009) cve-assign (Jan 09)
- Re: CVE request: tmux local denial of service (2009) Florian Weimer (Jan 09)
- Re: Re: CVE request: tmux local denial of service (2009) Guido Berhoerster (Jan 09)
- Re: CVE request: tmux local denial of service (2009) Florian Weimer (Jan 09)