Forgot to add: This applies only to 2.6 -- for master we'll need a rebased version.
On Wed, Jun 19, 2024 at 9:51 AM Selva Nair <[email protected]> wrote: > > > On Wed, Jun 19, 2024 at 9:47 AM Lev Stipakov <[email protected]> wrote: > >> At the moment everyone but anonymous are permitted >> to create a pipe with the same name as interactive service creates, >> which makes it possible for malicious process with SeImpersonatePrivilege >> impersonate as local user. >> >> This hardens the security of the pipe, making it possible only for >> processes running as SYSTEM (such as interactive service) create the >> pipe with the same name. >> >> While on it, replace EXPLICIT_ACCESS structures with SDDL string. >> >> CVE: 2024-4877 >> >> Change-Id: I35e783b79a332d247606e05a39e41b4d35d39b5d >> Reported by: Zeze with TeamT5 <[email protected]> >> Signed-off-by: Lev Stipakov <[email protected]> >> --- >> v2: >> - ensure that sd is freed even if pipe creation failed >> - added Reported-By >> > > Acked-by: Selva Nair <[email protected]> >
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
