List: oss-security
Subject: Re: [oss-security] CVE request: FreeBSD/OS X crontab information
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-02-28 21:13:23
Message-ID: 2129000690.299846.1298927603500.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
This should probably get three.
----- Original Message -----
> Details here:
> http://marc.info/?l=full-disclosure&m=129891323028897&w=2
>
> There are three leaks, each of which amounts to a minor DAC bypass.
>
> 1. Leakage of file/directory existence via stat() calls (e.g.
> determining if a file exists regardless of search permissions on
> directories)
CVE-2011-1073
>
> 2. Leakage of directory existence via realpath()
CVE-2011-1074
>
> 3. Arbitrary MD5 comparison (e.g. ability to determine if any two
> files have identical MD5 hashes, regardless of read permissions on
> those files)
CVE-2011-1075
Thanks.
--
JB