Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 9 Nov 2009 20:35:57 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: oping allows the disclosure of
  arbitrary file contents

----- "Steven M. Christey" <coley@...us.mitre.org> wrote:
> 
> This says:
> 
>   2009-09-29 Version 1.3.3 is available. The new release fixes a serious
>   security issue in oping: If the application is installed with the
>   SetUID-bit, anybody on the system could use oping to read arbitrary files
>   using the "-f" option.
> 
> So as stated, this sounds worthy of a CVE to me.  Thoughts?
> 

That issue has a CVE id. I gave it CVE-2009-3614 quite some time ago.
http://marc.info/?l=oss-security&m=125561742729846&w=2

The discussion then branched out into if an unchecked call to setuid to drop
permissions is a security flaw (as a user could cause it to fail, preventing
oping from dropping privs). I saw nothing in the code that showed it to be
anything but a bug, as oping doesn't do anything exciting after the call could
fail.

-- 
    JB

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ