[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE requests: opie off by one and setuid()
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-06-23 19:49:35
Message-ID: 2073418535.897119.1308858575723.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- Original Message -----
> Hi,
>
> Can someone assign 2 CVE's for a off by one in opiesu
> and a missing setuid() retval check in opielogin which
> leads to easy root compromise? Reviewed opie-2.4.
>
> Patches are available here:
>
> https://bugzilla.novell.com/show_bug.cgi?id=698772
>
Here you go:
CVE-2011-2489 opiesu Off by one
CVE-2011-2490 opiesu missing setuid() check
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic