On Thu, Jun 07, 2018 at 10:48:10PM +0200, Moritz Muehlenhoff wrote:
> > Hi
> > 
> > It is a security bugfix, but perhaps not so critical, it can be
> > exploited in very specific circumstances and probably only as a DoS,
> > not as a privilege escalation.
> 
> I'm not familiar with bird, so we could use some insight to assess the
> scope of the issue:
> 
> Could you please elaborate what these circumstances are? Like, who's
> able to trigger a crash, does it affect only specific setups/conditions?

The crash could be triggered from the bird CLI tool (birdc), which is usually
accessible only to the administrator. But birdc has a 'restricted' mode
(when called with the -r option) in which the CLI is restricted to 'safe'
commands, just for inspecting BIRD state, and the crash could be
triggered even in the restricted mode. But even the restricted mode is
accessible only to the administrator.

But if an administrator allowed nonprivileged users to run birdc in
restricted mode (say using 'sudo' rules), assuming that it is safe, then
such an assumption is broken by the bug.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
