[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] libreoffice-online "loolforkit" privileged program local root exploit
From: Matthias Gerstner <mgerstner () suse ! de>
Date: 2021-01-21 10:22:38
Message-ID: YAlV7n+yLVBceb3c () f195 ! suse ! de
[Download RAW message or body]
On Mon, Jan 18, 2021 at 04:07:40PM +0100, Matthias Gerstner wrote:
> Formally libreoffice-online is covered by the "Document Foundation" CNA,
> therefore I did not request a CVE for this via the Mitre CVE form. I
> will try to contact the CNA directly in this matter.
The Document Foundation assigned CVE-2021-25630 for the missing
enforcement of only allowing the "loolforkit" user to access the
sensitive features of the program.
Cheers
Matthias
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic