[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] libreoffice-online "loolforkit" privileged program local root exploit
From:       Matthias Gerstner <mgerstner () suse ! de>
Date:       2021-01-21 10:22:38
Message-ID: YAlV7n+yLVBceb3c () f195 ! suse ! de
[Download RAW message or body]


On Mon, Jan 18, 2021 at 04:07:40PM +0100, Matthias Gerstner wrote:
> Formally libreoffice-online is covered by the "Document Foundation" CNA,
> therefore I did not request a CVE for this via the Mitre CVE form. I
> will try to contact the CNA directly in this matter.

The Document Foundation assigned CVE-2021-25630 for the missing
enforcement of only allowing the "loolforkit" user to access the
sensitive features of the program.

Cheers

Matthias

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]