On Thu, 2017-02-02 at 06:40 -0800, John R Pierce wrote:
On 2/2/2017 6:22 AM, Leonard den Ottolander wrote:
However, the fact that the binary in the example is setuid is orthogonal to the fact that heap spraying is a very serious attack vector.
without privilege escalation, what does it attack ?
pkcheck might not be directly vulnerable. However, pkexec is. Closing these bugs because pkcheck might not be directly vulnerable also stops pkexec from being fixed. And pkexec clearly is vulnerable.
Regards, Leonard.