[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Leonard den Ottolander
leonard at den.ottolander.nlThu Feb 2 19:54:41 UTC 2017
- Previous message: [CentOS] Serious attack vector on pkcheck ignored by Red Hat
- Next message: [CentOS] Serious attack vector on pkcheck ignored by Red Hat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2017-02-02 at 10:39 -0800, Gordon Messmer wrote: > Open a new bug report and focus on this patch, exclusively: > https://cgit.freedesktop.org/polkit/commit/src/programs/pkexec.c?id=6c992bc8aefa195a41eaa41c07f46f17de18e25c By the way, the comment for that commit starts with: This usage is clearly errorneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
- Previous message: [CentOS] Serious attack vector on pkcheck ignored by Red Hat
- Next message: [CentOS] Serious attack vector on pkcheck ignored by Red Hat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list