oss-sec mailing list archives
Re: CVE Request: Unauthorized access to IPC objects with SysV shm
From: cve-assign () mitre org
Date: Thu, 1 Oct 2015 16:58:51 -0400 (EDT)
ipc_addid installs new ipc object with idr_alloc, from this point on it is accessible to other threads. At this point the object contains uninitialized garbage. Then it fills in uid, etc:

    new->cuid = new->uid = euid;
    new->gid = new->cgid = egid;
    new->seq = ids->seq++;

While this happens another thread can get access to the object and do uid check on the uninitialized garbage, which can falsely give access.
Use CVE-2015-7613.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
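Added example, not part of the original message and not kernel code: a single-threaded toy model of the ordering problem described above, comparing publish-then-initialize with initialize-then-publish. The registry pointer, struct perm, the function names and the stale uid value 1000 are all assumptions made for illustration; the "other thread" is modeled as a check called at a fixed point.

```c
#include <stdio.h>

/* Toy single-threaded model, NOT kernel code. All names are hypothetical. */
struct perm { unsigned uid, gid; };

static struct perm *registry;   /* stands in for the idr: non-NULL = visible */

/* Models another thread's lookup plus uid check at one instant. */
static int check_access(unsigned caller_uid)
{
    return registry != NULL && registry->uid == caller_uid;
}

/* Ordering from the report: publish first, then fill in ownership.
 * Returns the result of a check that lands inside the window. */
static int add_publish_first(struct perm *obj, unsigned euid, unsigned egid,
                             unsigned caller_uid)
{
    registry = obj;                        /* visible, fields still stale */
    int seen = check_access(caller_uid);   /* concurrent check lands here */
    obj->uid = euid;
    obj->gid = egid;
    return seen;
}

/* Safer ordering: initialize fully, then publish. In real concurrent code
 * the publishing store also needs a lock or release ordering. */
static int add_init_first(struct perm *obj, unsigned euid, unsigned egid,
                          unsigned caller_uid)
{
    obj->uid = euid;
    obj->gid = egid;
    int before = check_access(caller_uid); /* not published: nothing to see */
    registry = obj;
    int after = check_access(caller_uid);  /* published: real owner checked */
    return before || after;
}

int main(void)
{
    struct perm a = { 1000, 1000 };        /* constructed stale contents */
    struct perm b = { 1000, 1000 };
    registry = NULL;
    printf("publish-first: uid 1000 granted=%d\n", add_publish_first(&a, 0, 0, 1000));
    registry = NULL;
    printf("init-first:    uid 1000 granted=%d\n", add_init_first(&b, 0, 0, 1000));
    return 0;
}
```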
Current thread:
- CVE Request: Unauthorized access to IPC objects with SysV shm Julien Tinnes (Oct 01)
- Re: CVE Request: Unauthorized access to IPC objects with SysV shm cve-assign (Oct 01)