[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: policykit (minor)
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-04-01 19:26:04
Message-ID: 1677914590.229811270149964194.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Kees Cook" <kees@ubuntu.com> wrote:

> Hi,
> 
> Dan Rosenberg found[1] a minor information disclosure vulnerability
> in pkexec, which has been fixed[2] upstream.  It would disclose the
> existence of files a given user would normally not be able to
> confirm:
> 
> $ pkexec /home/drosenbe/secret/hidden
> (password prompt)
> $ pkexec /home/drosenbe/secret/doesnotexist
> Error getting information about /home/drosenbe/secret/doesnotexist: No
> such file or directory
> 
> Thanks,
> 
> -Kees
> 
> [1] Ubuntu bug: https://launchpad.net/bugs/532852
> [2]
> http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a
> 

Please use CVE-2010-0750

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic