"If you are not a member of the group you should not be able to get in."
exactly!
But if such user can find an existing privileged handle, I claim that you can
get access. You probably need a specially crafted program not using the
standard IMM library but the hole is there afaik.
---
** [tickets:#1163] IMM: no verification of handle and msg source correlation**
**Status:** unassigned
**Milestone:** future
**Created:** Wed Oct 08, 2014 04:03 PM UTC by Hans Feldt
**Last Updated:** Wed Nov 26, 2014 10:04 AM UTC
**Owner:** nobody
This is a continuation of https://sourceforge.net/p/opensaf/tickets/938/
Each message received that contains a handle must be verified to be from the
correct mds source to prevent package spoofing.
---
Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets