
List:       oss-security
Subject:    Re: [oss-security] CVE Request: colord sql injections
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2011-11-25 16:50:49
Message-ID: 4ECFC769.5000304 () redhat ! com

On 11/25/2011 08:13 AM, Jan Lieskovsky wrote:
> Hi Ludwig,
>
>   thank you for the report.
>
> On 11/25/2011 11:55 AM, Ludwig Nussel wrote:
>> Hi,
>>
>> colord did not quote user supplied strings which made it prone to
>> SQL injections:
>> https://bugs.freedesktop.org/show_bug.cgi?id=42904
>> https://bugzilla.novell.com/show_bug.cgi?id=698250
>
> Just to have this one sorted out wrt to the patches, the relevant
> upstream patches are these two:
> [1]
> http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
> [2]
> http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
>
> right?
>
> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
>>
>> When colord runs as root and local active users are allowed to
>> create new devices (both are the defaults AFAIK) this allows not
>> only to corrupt colord's own database but also to leverage it to
>> modify other databases in the system (PackageKit for example also
>> uses sqlite).
>>
>> PoC available on request.
>>
>> cu
>> Ludwig
>>
>
Please use CVE-2011-4349 for these SQL injection issues.

-- 

-Kurt Seifried / Red Hat Security Response Team
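
An added illustration of the quoting problem described in the report, not code from colord or from anyone in this thread: it uses Python's sqlite3 module to contrast a statement built by pasting a caller-supplied string into SQL with the same lookup using a bound parameter. The `devices` table, the function names and the sample inputs are hypothetical and constructed for the example.

```python
import sqlite3

# Hypothetical schema; colord's real tables are not shown in the thread.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (device_id TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?)",
                   [("display-1", "alice"), ("printer-7", "bob")])
    return db

def find_unquoted(db, device_id):
    # 'Before' pattern: caller-supplied text is pasted into the statement,
    # so a quote character in it ends the string literal early.
    sql = "SELECT device_id FROM devices WHERE device_id = '%s'" % device_id
    return [row[0] for row in db.execute(sql)]

def find_bound(db, device_id):
    # Hardened pattern: the value is bound as a parameter and is never
    # parsed as part of the SQL text.
    sql = "SELECT device_id FROM devices WHERE device_id = ?"
    return [row[0] for row in db.execute(sql, (device_id,))]

def compare(device_id):
    """Run both lookups against a fresh database and return both results."""
    db = make_db()
    try:
        unquoted = find_unquoted(db, device_id)
    except sqlite3.Error as exc:
        # A stray quote can also simply break the statement.
        unquoted = "error: %s" % type(exc).__name__
    return unquoted, find_bound(db, device_id)

# Constructed sample inputs: an ordinary id, a legitimate name containing
# an apostrophe, and a value whose quote changes the WHERE clause.
SAMPLES = ["display-1", "Bob's scanner", "x' OR '1'='1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), compare(sample))
```

With the unquoted form, the apostrophe in a legitimate name fails the query and the third sample matches every row; the bound form treats both as plain values that match nothing.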
