oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Unauthorized access to IPC objects with SysV shm

From: cve-assign () mitre org
Date: Thu, 1 Oct 2015 16:58:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


ipc_addid installs new ipc object with idr_alloc, from this point on
it is accessible to other threads. At this point the object contains
unitialized garbage. Then it fills in uid, etc:

new->cuid = new->uid = euid;
new->gid = new->cgid = egid;
new->seq = ids->seq++;

While this happens another thread can get access to the object and do
uid check on the unitialized garbage, which can give falsely give
accesses


Use CVE-2015-7613.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWDZ4iAAoJEL54rhJi8gl5hkYQAMoU1mZjjTUlq/ck9SYn90XL
ouAOm6oMb01EMri/Kn0HLq6B8n/R27vc+ytALytg41B/QYIU8xFeCYTPIfy4+Zg6
RxhLtkQlKuO94m7eBtc83NjLy4Xb1lTfFG1cZGyX3/IYZdNactX9qpurP5KUfDGD
FXsrfan6539SiF6+2LqRPEIFpYQIQOhVMIVGtoqb0kiIii4MEWT3NZv1sL+Wwt4E
Nv7WF2gew+jUpMahssiAy608zThbI8W26trFpTVR7wLOnu9KThajugYCwKskfDqX
2T/YD4dc10M/kyP4li+OwRV8yQOjb8gRuO6VUaCXLEIwLoTTgz+xQrj4mCH1IJRT
Ft9mpLMa8XGSLeJNT8qtlKid91EEW1tRo/dF1bA7ybKQgahyvH6uiE5j8TifL8RK
YLU9XU3OOMdtqvuoKlh12qEb5D0h4hBUM6S0lzdNVbUP28DXYeyH47qB6Kt86HOp
jkBEFtzUP6VzVXUM8TjGSsiR4WsyOuNtV0MkI5LGiOzPb4Dd/nrPdzdsG4XWm2tA
Ri/V912iWQhYXbh7zkT2eLGQtR1NYjJahvrE5pN9hI/4xRqerEVNyMIgp7y6UF25
bX6lgjKREqbSElUtBvnSQJmegxt+FaergwgaHfnxESYIDSee9u9+zovPl8gpyJaA
q4qC9UqKZDK7tsCErOVo
=/fAD
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: