Insecure /proc/net/unix parsing
Bug #1444518 reported by
Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Apport |
Fix Released
|
High
|
Unassigned | ||
apport (Ubuntu) |
Fix Released
|
High
|
Martin Pitt | ||
Trusty |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Utopic |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Vivid |
Fix Released
|
High
|
Martin Pitt |
Bug Description
The fix in USN-2569-1 introduced a vulnerability when parsing /proc/net/unix.
There is a known issue in the kernel where newlines aren't being escaped properly:
http://
Resulting in Tavis Ormandy finding a new issue:
tags: | added: patch |
Changed in apport (Ubuntu Vivid): | |
status: | Confirmed → In Progress |
assignee: | nobody → Martin Pitt (pitti) |
importance: | Undecided → High |
Changed in apport: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Martin Pitt (pitti) |
To post a comment you must log in.
Got a slightly better version of the patch. It does a chdir() to fix a TOCTOU problem.