[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: adequate: privilege escalation via tty hijacking
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-11-29 8:02:34
Message-ID: 52984A1A.80909 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/28/2013 04:41 AM, Salvatore Bonaccorso wrote:
> Hi Kurt,
>
> I would like to request a CVE for an issue with 'adequate':
>
> http://bugs.debian.org/730691 (adequate: privilege escalation via
> tty hijacking):
>
> ----cut---------cut---------cut---------cut---------cut---------cut-----
>
>
Package: adequate
> Version: 0.4 Severity: serious Tags: security Justification: user
> security hole
>
> If root uses the --user option, then the user can hijack the tty
> with the TIOCSTI ioctl.
>
> This is similar to CVE-2005-4890.
>
Please use CVE-2013-6409 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBAgAGBQJSmEoZAAoJEBYNRVNeJnmTPY8P/0vsH+KVUmCJK5CVGDh2EkDX
GP8JoZjBzdaasyCK0QoNiNtkShrea4Uju6ngOFxMYJouo7xa29mZ4oTI71W+ehIA
ff6TlDPvbO17DcOwjR+FhhY2vCcbXU3sLyWZGAgbnQAW+GQbxcFyVVF/Ws00Ejc8
frS9pyvZVkmBJogoWnd2QR1FVRYBajizlJB9KSZMEjiVrPpUo5ARNxKUiRVHEv7n
glHKF82ZxqSDSNZ1QRhnNlcx7n14XrnhlUia0GsYqzF1hDLh/5M5RmU9dCayZOUe
noGrLLt3BA21hAIjQMSyURSklQgoQFThjsOynsA7XKu8j/uvCTU49lUClROf75/G
TmCGQKrzciheRRN/ezstb5GledYNRQtO+8ShcOHeKAaaQ3dMowy4xonSrVBxSw3s
1lXgtYE1oMPis25FaepSXydcSLU9DdPAujig+2m5v5Fv4t5u39QyKxZcOrkg4a9B
725mIr3yIkPWfr8ECSCOZqDeK6SOTy8578+jnlkrch1CQxrP21nNoO+cDYpaFmdF
wM9F3XQb8NOBfOd+gQMBxSBx62S9UHC+6/MzhKgnwzP1eZqojSEDgdWuX60Kt4LL
idKA5P+bz03nfdPcFTQXLqF9mtX8uvGtlsaKne5SvsBIoox/RQd1QNkxFXFM6f/h
Duy1GvBKmHcGYH32/vbA
=U2b4
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic