Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat

2 Feb 2017


      On Thu, 2017-02-02 at 06:40 -0800, John R Pierce wrote:
...
On 2/2/2017 6:22 AM, Leonard den Ottolander wrote:
...
However, the fact that the binary in the example is setuid is orthogonal
to the fact that heap spraying is a very serious attack vector.
without privilege escalation, what does it attack ?
pkcheck might not be directly vulnerable. However, pkexec is. Closing
these bugs because pkcheck might not be directly vulnerable also stops
pkexec from being fixed. And pkexec clearly is vulnerable.
Regards,
Leonard.
-- 
mount -t life -o ro /dev/dna /genetic/research

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] Serious attack vector on pkcheck ignored by Red Hat