[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE Request: policykit (minor)
From: Kees Cook <kees () ubuntu ! com>
Date: 2010-04-01 16:55:25
Message-ID: 20100401165525.GD4078 () outflux ! net
[Download RAW message or body]
Hi,
Dan Rosenberg found[1] a minor information disclosure vulnerability
in pkexec, which has been fixed[2] upstream. It would disclose the
existence of files a given user would normally not be able to confirm:
$ pkexec /home/drosenbe/secret/hidden
(password prompt)
$ pkexec /home/drosenbe/secret/doesnotexist
Error getting information about /home/drosenbe/secret/doesnotexist: No such file or directory
Thanks,
-Kees
[1] Ubuntu bug: https://launchpad.net/bugs/532852
[2] http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a
--
Kees Cook
Ubuntu Security Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic