[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Feb 2 14:51:05 UTC 2017
On Thu, 2017-02-02 at 06:40 -0800, John R Pierce wrote:
> On 2/2/2017 6:22 AM, Leonard den Ottolander wrote:
> > However, the fact that the binary in the example is setuid is orthogonal
> > to the fact that heap spraying is a very serious attack vector.
>
> without privilege escalation, what does it attack ?
pkcheck might not be directly vulnerable. However, pkexec is. Closing
these bugs because pkcheck might not be directly vulnerable also stops
pkexec from being fixed. And pkexec clearly is vulnerable.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
More information about the CentOS
mailing list