Hi,
ok, glob does not segfault so this should be pretty much
exploitable.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpckq15rNVOX.pgp
Description: PGP signature
Package: tss
Version: 0.8.1-3
Severity: critical
Tags: security
Justification: root security hole
tss has a setuid binary. The source code is src/main.c:
sprintf(glob_string, %s/.tss/*, getenv(HOME));
(before dropping setuid, needless to say)
Helmut
-- System Information:
Debian Release:
On Sat, Apr 12, 2008 at 05:52:17PM +0200, Helmut Grohne wrote:
Package: tss
Version: 0.8.1-3
Severity: critical
Tags: security
Justification: root security hole
tss has a setuid binary. The source code is src/main.c:
sprintf(glob_string, %s/.tss/*, getenv(HOME));
(before dropping
Processing commands for [EMAIL PROTECTED]:
tags 475736 - security
Bug#475736: tss: local root exploit
Tags were: security
Tags removed: security
severity 475736 minor
Bug#475736: tss: local root exploit
Severity set to `minor' from `critical'
thanks
Stopping processing here.
Please contact
tags 475736 - security
severity 475736 minor
thanks
Hi Helmut,
* Helmut Grohne [EMAIL PROTECTED] [2008-04-12 18:12]:
tss has a setuid binary. The source code is src/main.c:
sprintf(glob_string, %s/.tss/*, getenv(HOME));
(before dropping setuid, needless to say)
Actually I am pretty sure
5 matches
Mail list logo