Message-ID: <op.xm34y9patrc8xl@dhcp-4-217.brq.redhat.com>
Date: Thu, 02 Oct 2014 19:17:23 +0200
From: Martin Bříza <mbriza@...hat.com>
To: oss-security@...ts.openwall.com, "Sebastian Krahmer" <krahmer@...e.de>
Cc: "David Edmundson" <david@...idedmundson.co.uk>
Subject: Re: various sddm vulnerabilities

On Wed, 01 Oct 2014 13:24:52 +0200, Sebastian Krahmer <krahmer@...e.de>  
wrote:

> Hi
>
> During review we found several issues in the sddm
> display manager which allow local users to obtain
> root privileges. More on this is here:
>
> https://bugzilla.suse.com/show_bug.cgi?id=897788
>
> Sebastian
>

Hi,
first, please let me thank you for your very valuable input, Sebastian.

We (me and d_ed, David Edmundson) took a look at this. Although we don't  
believe any of the issues you reported could lead to a privilege  
escalation (as some of the resulting bug reports suggest), we consider them  
to be security issues.
Currently, there are two pull requests open [1] [2] potentially fixing  
all mentioned issues. We're waiting for peer review from the other  
developers and possibly yours, too.

Cheers,
Martin

[1] https://github.com/sddm/sddm/pull/279
[2] https://github.com/sddm/sddm/pull/280
