Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zjiv9wzmqtfy8DYr@cephalopod>
Date: Mon, 6 May 2024 12:24:55 +0200
From: Ben Hutchings <ben.hutchings@...d.be>
To: oss-security@...ts.openwall.com
Cc: buildroot@...ldroot.org
Subject: Re: Buildroot: incorrect permissons on /dev/shm

On Thu, Apr 11, 2024 at 05:31:02PM +0200, Ben Hutchings wrote:
> Buildroot is a Linux distribution and system builder for embedded
> systems.  Starting in Buildroot 2011.08, its default /etc/fstab
> included an entry for /dev/shm with incorrect permissons (sticky bit
> not set). (CWE-276)
> 
> Buildroot 2017.08 removed this entry for systems using systemd, and it
> has never been included for systems using OpenRC.  So this only
> affects Buildroot-built systems that use sysvinit, and some older
> systems that use systemd.
[...]

This has been assigned CVE-2024-34455.

Ben.

-- 
Ben Hutchings · Senior Embedded Software Engineer, Essensium-Mind · mind.be

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.