Security
By Jake Edge February 22, 2012
The Capsicum capabilities framework has been around for a couple of years
now, and support for it was added to the recent FreeBSD 9.0 release.
Capsicum takes a very different approach from what Linux (following the
POSIX.1e draft) calls capabilities, which merely split root's privileges
into pieces: it is a hybrid capability system geared toward sandboxing
applications to limit the damage that can be caused by buggy or
misbehaving programs. While the FreeBSD support is "experimental", it is
available for researchers and others to try out.
Capsicum came out of a collaboration between the University of Cambridge's
Computer Laboratory and Google. That resulted in a prototype
implementation for FreeBSD along with modification of several different
programs to take advantage of Capsicum. One of the main applications of
interest is the Chromium web browser, but several FreeBSD utilities
(tcpdump, dhclient, and gzip) were also converted, as described in the Capsicum
paper [PDF].
The idea behind Capsicum is to extend the standard Unix APIs by adding ways
that applications can "self-compartmentalize". Essentially, applications
can choose to restrict themselves to a sandbox that will disallow many
"dangerous" operations, while still allowing them to get their job done via
the capabilities they allow for themselves or those that are passed in
using special file descriptors (which are also, perhaps unfortunately,
called capabilities). It is, in some ways, conceptually similar to
programs that drop their privileges using the setuid() call but,
instead of being restricted to what a particular user is allowed to do
(which is often far more than the application needs), Capsicum allows much
finer-grained control over what restrictions are in place.
The starting point for a Capsicum-enabled process is the new
cap_enter() system call. This is a one-way gate that puts a
process, and any children it subsequently creates, into "capability mode". It turns off
"ambient authority", the term for the normal Unix process model in which a process can act with all of the
permissions of the UID it is running as. Capability mode denies access to the global
namespaces, like the filesystem namespace, PID namespace, network
namespace, and others. Any system call that operates on one of these global
namespaces is either disallowed entirely (failing with ECAPMODE) or has its arguments constrained.
For example, the sysctl() call is constrained to only allow around
30 (of a possible 3000) of the different system parameters to be examined
via that call. The shared memory creation call, shm_open(), is
only allowed to create anonymous memory objects, while the
openat() family is restricted to files at or below
the directory file descriptor passed in: absolute paths are rejected, and
so is any path containing a ".." component. There are some other miscellaneous
restrictions that come with capability mode, including disallowing the
loading of kernel modules or the execution of setuid and setgid binaries.
Capsicum wraps normal file descriptors with additional capability
information that restricts what can be done with the file. If
a capability file descriptor carries only the CAP_READ right, then reading is all that can
be done with it, unlike an ordinary descriptor for a file opened read-only, which can still be used to
make metadata changes (via fchmod(), for example). An operation for which
the descriptor lacks the needed right fails with ENOTCAPABLE. In order to
change positions in the file, the CAP_SEEK right is
required. A capability can also wrap a directory file descriptor, in which case its
rights apply to everything looked up through that directory. That would
allow Apache to set up workers that only have access to a certain subset of
the web directory hierarchy, or a sandboxed application to access a
library path, for example.
The capability file descriptors can already be open at the time that
cap_enter() is called (having been wrapped with a set of rights by an
earlier cap_new() call), or they can be passed to the process
over a Unix socket. That means that a fairly simple program can decrease
its ability to cause harm by setting up the file descriptors it needs and
then calling cap_enter() before performing more "dangerous"
operations. The tcpdump example given in the paper is
instructive: it simply enters capability mode after setting up the packet
filter (which is a privileged operation) but before entering the
packet-processing loop. That way, errors in the packet decoding code are very
limited in the kind of damage they can cause.
The simple two-line change to tcpdump did expose a few problems,
however. For example, libc's DNS resolver needs access to the
filesystem (/etc/resolv.conf) and to the network namespace (to
talk to the DNS server), neither of which is available in capability mode,
so name lookups failed and functionality was reduced. Switching
tcpdump to use a lightweight local resolver restored that feature.
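To make that pattern concrete, here is an added example of my own (not code from the Capsicum paper or from FreeBSD) in the shape of a tiny tcpdump-like tool: it opens its input while it still has ambient authority, narrows the descriptor to CAP_READ and CAP_SEEK with cap_new(), calls cap_enter(), and only then runs its decoder over the untrusted bytes. It uses the FreeBSD 9.0 <sys/capability.h> interface named above (cap_new(), cap_enter(), CAP_READ, CAP_SEEK); later FreeBSD releases replaced cap_new() with cap_rights_limit() in <sys/capsicum.h>. On other systems those calls are compiled out so the structure still builds, but nothing is sandboxed there. The capmode_path_ok() helper is a user-space restatement of the openat() lookup rule described earlier (relative paths only, no ".." component), not a kernel interface, and the default input file name is assumed.

```c
/*
 * Added example (not code from the Capsicum paper or FreeBSD): the tcpdump
 * pattern of acquiring resources first, calling cap_enter(), and only then
 * touching untrusted input. Uses the FreeBSD 9.0 <sys/capability.h> API;
 * elsewhere the calls are compiled out and nothing is sandboxed.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef __FreeBSD__
#include <sys/capability.h>
#else
typedef unsigned long long cap_rights_t;   /* placeholders for non-FreeBSD builds */
#define CAP_READ 0x1ULL                    /* bit values are made up; only the names matter */
#define CAP_SEEK 0x2ULL
static int cap_new(int fd, cap_rights_t rights) { (void)rights; return dup(fd); }
static int cap_enter(void) { return 0; }
#endif

/* User-space mirror of the lookup rule capability mode enforces on the
 * openat() family: relative to the directory descriptor, no ".." component.
 * The kernel enforces it anyway (ENOTCAPABLE); this just fails earlier. */
int capmode_path_ok(const char *path)
{
    const char *p;
    if (path == NULL || *path == '\0' || *path == '/')
        return 0;
    for (p = path; *p != '\0'; ) {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* Privileged phase: open the input while ambient authority is available,
 * then keep only a descriptor narrowed to CAP_READ | CAP_SEEK. On FreeBSD,
 * write() or fchmod() on it fails with ENOTCAPABLE even before cap_enter(). */
int open_input_limited(const char *path)
{
    int fd = open(path, O_RDONLY), limited;
    if (fd < 0)
        return -1;
    limited = cap_new(fd, CAP_READ | CAP_SEEK);
    close(fd);
    return limited;
}

/* Unprivileged phase, standing in for tcpdump's decoder loop: count the
 * newline-terminated records and report the longest. A bug here runs with
 * no way to open files, sockets or other global-namespace objects. */
long count_records(int fd, size_t *longest)
{
    char buf[4096];
    ssize_t n, i;
    long records = 0;
    size_t cur = 0, max = 0;

    if (lseek(fd, 0, SEEK_SET) < 0)                 /* needs CAP_SEEK */
        return -1;
    while ((n = read(fd, buf, sizeof buf)) > 0) {   /* needs CAP_READ */
        for (i = 0; i < n; i++) {
            if (buf[i] == '\n') { records++; if (cur > max) max = cur; cur = 0; }
            else cur++;
        }
    }
    if (n < 0)
        return -1;
    if (cur > 0) { records++; if (cur > max) max = cur; }   /* unterminated tail */
    if (longest != NULL)
        *longest = max;
    return records;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "capture.txt";   /* assumed input file */
    size_t longest = 0;
    long records;
    int fd = open_input_limited(path);
    if (fd < 0) { perror(path); return 1; }
    if (cap_enter() < 0) { perror("cap_enter"); return 1; }  /* one-way gate */
    /* Global namespaces are gone now: on FreeBSD this open() fails with ECAPMODE. */
    if (open("/etc/passwd", O_RDONLY) >= 0)
        fprintf(stderr, "warning: still have ambient authority (non-FreeBSD build?)\n");
    else
        fprintf(stderr, "open(\"/etc/passwd\") refused: %s\n", strerror(errno));
    records = count_records(fd, &longest);
    printf("%ld records, longest %zu bytes\n", records, longest);
    return records < 0;
}
```

On FreeBSD, running it as ./capdemo capture.txt shows the open() of /etc/passwd after cap_enter() being refused with ECAPMODE while the already-narrowed descriptor keeps working, which is exactly the property tcpdump gains from its two-line change; that same descriptor would also refuse fchmod() with ENOTCAPABLE.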
In addition to the "raw" Capsicum interface using cap_enter(), the
framework provides a libcapsicum that can be used to more
thoroughly isolate the sandboxed processes without each application having
to do its own start-up management of a sandboxed process. It handles
closing all undelegated file descriptors (those that are not meant for the
sandbox), forking the new sandboxed
process, flushing the address space using fexecve(), and setting
up a Unix socket that can be used for communication between the privileged
and unprivileged processes. None of the examples in the paper use
libcapsicum as it generally requires major changes to the
application in order to be used, so it may be more suitable for new
development.
The examples do show that substantial
improvements in the security of programs can be had with minimal code
changes, though. Roughly 100 new lines of code were all that was required
to use Capsicum in Chromium on FreeBSD, largely because the browser was
written with privilege separation in mind. Chromium already uses various
techniques, depending on the OS, to separate the rendering process from other renderers and the
rest of the browser. That made it fairly straightforward to adapt Chromium
and the paper says that switching to a libcapsicum-based
implementation should not be significantly harder.
Capsicum is an interesting idea that bears watching as it rolls out in
FreeBSD. The 9.0 release only contains the kernel changes required for
Capsicum but doesn't ship any applications that use the facility. 9.1 is
slated to have some of those, presumably starting with Chromium. Beyond
this brief introduction, those interested should take a look at the paper, this
article [PDF] from ;login: magazine, as well as the documentation page.
Brief items
I used to provide detached GnuPG signatures alongside my uploaded
source tarballs but nobody cared or even noticed if I inadvertently
broke the signature. (This is for packages which regularly got
downloaded for inclusion into Fedora, ArchLinux, Gentoo and numerous
other distros other than Debian/Debian-based ones which get the source
directly from me.)
Honestly, nobody cares.
-- Neil Williams
ICANN has plowed ahead with their extortive get-rich-quick gTLD
expansion scheme. The U.S. has turned the DNS into a mechanism for
unilateral actions over entities in other countries, without such
[niceties] as due process being required. The list goes on and on.
So no wonder the rest of the world pushes for changes -- and threatens
network fragmentation -- even as their proposed regulatory regimes could
do enormous damage to the Net.
-- Lauren Weinstein
This book marks another chapter in my career’s endless series of
generalizations. From mathematical security — cryptography — to computer
and network security; from there to security technology in general; then to
the economics of security and the psychology of security; and now to — I
suppose — the sociology of security. The more I try to understand how
security works, the more of the world I need to encompass within my model.
-- Bruce Schneier on his new book Liars and Outliers
While everyone else was focused on the normal patch specific
vuln/update/forget cycle, our focus with these high-profile vulnerabilities
has always been to look at tangential issues that are unlikely to be
resolved upstream: exploitation techniques that either made certain
strategies easier or possible in the first place. In the case of
CVE-2012-0056, that issue revealed itself during a discussion on the
full-disclosure mailing list on how to reliably exploit systems that
changed the permission of the suid root binaries to deny reading. While
such a permission change prevented the use of objdump in initial exploits,
it was mentioned that a ptrace followed by an exec of the suid root binary
allows one to effectively read the contents of the mapped binary. This
might be surprising, as a ptrace of an existing suid root process would be
denied. When execing a privileged binary while ptracing though, the binary
is run without the extra privileges. When the goal is reading out the
binary, however, this is irrelevant.
-- Brad Spengler on "How We Learn From Exploits"
The H reports on research that found a significant number of RSA public keys are not secure. "Of the 6,185,372 X.509 certificates analysed, the researchers found 266,729 public keys in which moduli were reused. The modulus is the core component of a public key – if it is the same, then the secret key matches. In one extreme case, the same modulus was found 16,489 times. This means that each of the owners of the 16,489 certificates could spoof or spy on each of the other 16,488. The researchers note that it is not unusual to recycle keys when, for example, extending a certificate, but a significant number of these keys belong to entirely independent owners." Interestingly, OpenPGP keys generated by GPG do not seem to suffer from this problem.
Over at Linux.com, Nathan Willis describes how to set up Tahoe-LAFS grids for encrypted, distributed storage with strong access controls that disallow the storing node from accessing the data: only the owner (and those they share the location with) can assemble and decrypt it. "Beyond that, though, Tahoe offers peer-to-peer distributed data storage with adjustable levels of redundancy. You can tune your "grid" for performance, fault-tolerance, or strike a balance in between, and you can use heterogeneous hardware and service providers to make up your nodes, providing you with a second layer of protection. Furthermore, although you can use Tahoe-LAFS as a simple distributed filesystem, you can also run web and (S)FTP services directly from your Tahoe grid."
Mozilla has announced
that it has sent a
message to all of its recognized certificate authorities about the
practice of issuing subordinate root certificates for man-in-the-middle
attacks. Such use, they say, is not acceptable.
"In addition to this clarification, we have made several requests. We
have requested that any such certificates be revoked, and their HSMs
destroyed. We have requested the serial numbers of those certificates and
fingerprints of their signing roots so that we, and other relying parties,
can detect and distrust these subCA certificates if encountered. We have
requested that any CAs who have issued subCA certificates fulfill these
requests no later than April 27, 2012."
New vulnerabilities
busybox: code execution
Package(s): busybox
CVE #(s): CVE-2011-2716
Created: February 21, 2012
Updated: July 19, 2012
Description:
From the Red Hat advisory:
The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages.
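As an added illustration of the class of bug this advisory describes (not busybox's code, and not its actual fix for this CVE), here is the kind of check a DHCP client can apply to a server-supplied hostname option before handing it to a script. The function names dhcp_hostname_ok() and dhcp_option_to_env() and the sample option values are this example's own.

```c
/*
 * Added example, not busybox's code or its fix: whitelist a server-supplied
 * DHCP hostname option before it reaches a shell script, and pass it via
 * the environment rather than by splicing it into a command line.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A DHCP option has a one-byte length, so a value is at most 255 bytes and
 * may contain anything at all, including NUL and shell metacharacters. */
#define DHCP_OPT_MAX 255

static int hostname_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Accept only a syntactically valid hostname (RFC 952/1123 characters,
 * labels of 1..63 chars, no label starting or ending with '-'). Using the
 * wire length instead of strlen() means an embedded NUL is rejected rather
 * than silently truncating the value the script will later see. */
int dhcp_hostname_ok(const unsigned char *opt, size_t len)
{
    size_t i, label_start = 0;
    if (len == 0 || len > DHCP_OPT_MAX)
        return 0;
    for (i = 0; i <= len; i++) {
        if (i == len || opt[i] == '.') {
            size_t label_len = i - label_start;
            if (label_len == 0 || label_len > 63)
                return 0;
            if (opt[label_start] == '-' || opt[i - 1] == '-')
                return 0;
            label_start = i + 1;
        } else if (!hostname_char(opt[i])) {
            return 0;
        }
    }
    return 1;
}

/* Build "NAME=value" for the script's environment only if the value passed
 * the check; returns -1 and writes nothing otherwise. */
int dhcp_option_to_env(const char *name, const unsigned char *opt, size_t len,
                       char *out, size_t outsz)
{
    size_t namelen = strlen(name);
    if (!dhcp_hostname_ok(opt, len) || namelen + 1 + len + 1 > outsz)
        return -1;
    memcpy(out, name, namelen);
    out[namelen] = '=';
    memcpy(out + namelen + 1, opt, len);
    out[namelen + 1 + len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample option values, as a malicious server might send them. */
    static const char *samples[] = { "pc1.example.org", "host;rm -rf /", "$(id)", "-leading" };
    char env[DHCP_OPT_MAX + 16];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = dhcp_option_to_env("HOSTNAME", (const unsigned char *)samples[i],
                                    strlen(samples[i]), env, sizeof env);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? env : "rejected");
    }
    return 0;
}
```

A whitelist of this kind is deliberately stricter than what the DHCP protocol allows, which is the point: the script cannot be trusted to quote correctly, so the client must never let anything outside the hostname grammar reach it.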
chromium: multiple vulnerabilities
Package(s): chromium
CVE #(s): CVE-2011-3016, CVE-2011-3017, CVE-2011-3018, CVE-2011-3019,
    CVE-2011-3020, CVE-2011-3021, CVE-2011-3022, CVE-2011-3023,
    CVE-2011-3024, CVE-2011-3025, CVE-2011-3027, CVE-2011-3953,
    CVE-2011-3954, CVE-2011-3955, CVE-2011-3956, CVE-2011-3957,
    CVE-2011-3958, CVE-2011-3959, CVE-2011-3960, CVE-2011-3961,
    CVE-2011-3962, CVE-2011-3963, CVE-2011-3964, CVE-2011-3965,
    CVE-2011-3966, CVE-2011-3967, CVE-2011-3968, CVE-2011-3969,
    CVE-2011-3970, CVE-2011-3971, CVE-2011-3972
Created: February 20, 2012
Updated: February 22, 2012
Description:
From the CVE entries:
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. (CVE-2011-3016)
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. (CVE-2011-3017)
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. (CVE-2011-3018)
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. (CVE-2011-3019)
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. (CVE-2011-3020)
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. (CVE-2011-3021)
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. (CVE-2011-3022)
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations. (CVE-2011-3023)
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. (CVE-2011-3024)
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3025)
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. (CVE-2011-3027)
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. (CVE-2011-3953)
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. (CVE-2011-3954)
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction. (CVE-2011-3955)
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. (CVE-2011-3956)
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents. (CVE-2011-3957)
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. (CVE-2011-3958)
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2011-3959)
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3960)
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process. (CVE-2011-3961)
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3962)
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3963)
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. (CVE-2011-3964)
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. (CVE-2011-3965)
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. (CVE-2011-3966)
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate. (CVE-2011-3967)
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. (CVE-2011-3968)
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. (CVE-2011-3969)
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3970)
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. (CVE-2011-3971)
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3972)
conga: cross-site scripting
Package(s): conga
CVE #(s): CVE-2010-1104, CVE-2011-1948
Created: February 21, 2012
Updated: March 8, 2012
Description:
From the Red Hat advisory:
Multiple cross-site scripting (XSS) flaws were found in luci, the conga
web-based administration application. If a remote attacker could trick a
user, who was logged into the luci interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's luci session. (CVE-2010-1104, CVE-2011-1948)
drupal7-field_permissions: missing permissions
Package(s): drupal7-field_permissions
CVE #(s): (none)
Created: February 21, 2012
Updated: February 22, 2012
Description:
Drupal field_permissions-7.x-1.0-beta2 adds an additional safe-guard for entities other than nodes when it comes to entity ownership. See the release announcement for details.
flash_plugin: multiple vulnerabilities
Package(s): flash_plugin
CVE #(s): CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755,
    CVE-2012-0756, CVE-2012-0767
Created: February 17, 2012
Updated: February 27, 2012
Description:
From the Red Hat advisory:
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2012-0767)
horde3: cross-site scripting
Package(s): horde3
CVE #(s): CVE-2012-0909
Created: February 20, 2012
Updated: February 22, 2012
Description:
From the CVE entry:
Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information.
horde3-dimp: cross-site scripting
Package(s): horde3-dimp
CVE #(s): CVE-2012-0791
Created: February 20, 2012
Updated: June 4, 2012
Description:
From the CVE entry:
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information.
ibutils: code execution
Package(s): ibutils
CVE #(s): CVE-2008-3277
Created: February 21, 2012
Updated: March 8, 2012
Description:
From the Red Hat advisory:
It was found that the ibmssh executable had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run ibmssh in
an attacker-controlled directory could run arbitrary code with the
privileges of the victim.
initscripts: network traffic sniffing
Package(s): initscripts
CVE #(s): CVE-2008-1198
Created: February 21, 2012
Updated: March 22, 2012
Description:
From the Red Hat advisory:
With the default IPsec (Internet Protocol Security) ifup script
configuration, the racoon IKE key management daemon used aggressive IKE
mode instead of main IKE mode. This resulted in the preshared key (PSK)
hash being sent unencrypted, which could make it easier for an attacker
able to sniff network traffic to obtain the plain text PSK from a
transmitted hash.
java: multiple unspecified vulnerabilities
Package(s): java
CVE #(s): CVE-2012-0498, CVE-2012-0499, CVE-2012-0500
Created: February 17, 2012
Updated: August 21, 2012
Description:
From the CVE entries:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2012-0498)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2012-0499)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. (CVE-2012-0500)
jetty5: denial of service
Package(s): jetty5
CVE #(s): CVE-2011-4461
Created: February 16, 2012
Updated: January 7, 2013
Description:
From the openSUSE advisory:
jetty5 was prone to a remotely exploitable Denial of
Service flaw via hash collisions (CVE-2011-4461).
libpng: code execution
Package(s): libpng
CVE #(s): CVE-2011-3026
Created: February 16, 2012
Updated: July 23, 2012
Description:
From the Debian advisory:
Jueri Aedla discovered an integer overflow in the libpng PNG library,
which could lead to the execution of arbitrary code if a malformed
image is processed.
libvorbis: code execution
Package(s): libvorbis
CVE #(s): CVE-2012-0444
Created: February 16, 2012
Updated: April 3, 2012
Description:
From the Red Hat advisory:
A heap-based buffer overflow flaw was found in the way the libvorbis
library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis
media file was opened by an application using libvorbis, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-0444)
libxml2: denial of service
Package(s): libxml2
CVE #(s): CVE-2012-0841
Created: February 22, 2012
Updated: September 27, 2012
Description:
The libxml2 library suffers from predictable hash values, allowing a remote attacker to force the use of excessive CPU time and, possibly, slow down or bring down a service.
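As an added example for this entry and for the jetty5 entry above (not libxml2's or Jetty's code), the following shows why a predictable string hash is a denial-of-service vector and what does and does not fix it. weak_hash() is the h = h*31 + c construction that many libraries used; the two-character blocks "Aa" and "BB" contribute the same value to it, so concatenating n of them yields 2^n keys with identical hashes, and seeding the initial state changes nothing. siphash24() is SipHash-2-4 as published by Aumasson and Bernstein, implemented here from the specification; with a secret per-process key the same family spreads over the table. NBUCKETS, the function names and the demonstration in main() are this example's own.

```c
/*
 * Added example, not libxml2's or Jetty's code: a seed-independent
 * collision family for a multiplicative string hash, and SipHash-2-4 with
 * a secret key as the remedy.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 4096u

/* The h = h*31 + c hash many libraries used. "Aa" and "BB" both add
 * 31*'A'+'a' == 31*'B'+'B' == 2112 on top of h*961, whatever h (seed) is. */
uint32_t weak_hash(const char *key, uint32_t seed)
{
    uint32_t h = seed;
    for (; *key; key++)
        h = h * 31u + (unsigned char)*key;
    return h;
}

/* Key number idx of the 2^nblocks colliding family; out needs 2*nblocks+1 bytes. */
void colliding_key(unsigned idx, unsigned nblocks, char *out)
{
    unsigned i;
    for (i = 0; i < nblocks; i++)
        memcpy(out + 2 * i, ((idx >> i) & 1) ? "BB" : "Aa", 2);
    out[2 * nblocks] = '\0';
}

#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); } while (0)

static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;
    int i;
    for (i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* SipHash-2-4: 128-bit key, 64-bit tag. Without the key, collisions cannot
 * be precomputed, which is what the "predictable" hashes above lack. */
uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16])
{
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)len << 56, m;
    size_t i, full = len & ~(size_t)7;
    for (i = 0; i < full; i += 8) {
        m = load_le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (i = full; i < len; i++)               /* trailing bytes, little-endian */
        b |= (uint64_t)in[i] << (8 * (i - full));
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Insert the 2^nblocks colliding keys and count distinct buckets hit. A
 * result of 1 means every key chained into one bucket, so each insert or
 * lookup walks the chain and one request costs O(n^2) server time. */
unsigned buckets_used(unsigned nblocks, int keyed, uint32_t seed, const uint8_t key[16])
{
    unsigned char seen[NBUCKETS] = {0};
    unsigned n = 1u << nblocks, idx, used = 0, bk;
    char k[64];
    for (idx = 0; idx < n; idx++) {
        colliding_key(idx, nblocks, k);
        if (keyed)
            bk = (unsigned)(siphash24((const uint8_t *)k, strlen(k), key) % NBUCKETS);
        else
            bk = weak_hash(k, seed) % NBUCKETS;
        if (!seen[bk]) { seen[bk] = 1; used++; }
    }
    return used;
}

int main(void)
{
    uint8_t key[16];
    FILE *f = fopen("/dev/urandom", "rb");   /* per-process secret key */
    if (f == NULL || fread(key, 1, sizeof key, f) != sizeof key) return 1;
    fclose(f);
    printf("weak hash, seed 0:        %u bucket(s)\n", buckets_used(10, 0, 0, NULL));
    printf("weak hash, seed 12345:    %u bucket(s)\n", buckets_used(10, 0, 12345, NULL));
    printf("SipHash-2-4, random key:  %u bucket(s)\n", buckets_used(10, 1, 0, key));
    return 0;
}
```

With 1024 keys and 4096 buckets the weak hash reports a single bucket for any seed, while SipHash with a random key spreads the same keys over several hundred. The lesson for libxml2 and Jetty alike is that the remedy is a keyed hash (or a hard cap on how many keys one request may create), not a different multiplier or a seed bolted onto the old function.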
mozilla: use after free
Package(s): firefox
CVE #(s): (none)
Created: February 17, 2012
Updated: February 22, 2012
Description:
From the Mozilla Firefox advisory:
Firefox 10.0.1 fixes a use after free in nsXBLDocumentInfo::ReadPrototypeBindings
mumble: information disclosure
Package(s): mumble
CVE #(s): CVE-2012-0863
Created: February 20, 2012
Updated: August 30, 2012
Description:
From the Debian advisory:
It was discovered that mumble, a VoIP client, does not properly manage
permission on its user-specific configuration files, allowing other
local users on the system to access them.
rocksndiamonds: arbitrary file overwrite
Package(s): rocksndiamonds
CVE #(s): CVE-2011-4606
Created: February 21, 2012
Updated: August 3, 2012
Description:
From the CVE entry:
Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.
wicd: information disclosure
Package(s): wicd
CVE #(s): CVE-2012-0813
Created: February 17, 2012
Updated: February 22, 2012
Description:
From the Fedora advisory:
A sensitive information disclosure flaw was found in the way wicd, wireless and wired network
connection manager, performed management of sensitive information, to be stored in log files.
Fields like 'password', 'identity', 'private_key', 'private_key_passwd' etc., were not excluded
from being logged into /var/log/wicd log file, which could allow local attacker, with the
privileges of the 'adm' group to view content of these entities in plain text, leading to
information disclosure.
Page editor: Jake Edge