[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Feb 2 19:54:41 UTC 2017
On Thu, 2017-02-02 at 10:39 -0800, Gordon Messmer wrote:
> Open a new bug report and focus on this patch, exclusively:
> https://cgit.freedesktop.org/polkit/commit/src/programs/pkexec.c?id=6c992bc8aefa195a41eaa41c07f46f17de18e25c
By the way, the comment for that commit starts with:
This usage is clearly errorneous, so we should tell the users they are
making a mistake. Besides, this allows an attacker to cause a high
number of heap allocations with attacker-controlled sizes
( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
More information about the CentOS
mailing list