Clients may be able to access buffers belonging to other users
Bug #1255362 reported by Scott Kitterman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
quassel (Ubuntu) | Fix Released | High | Scott Kitterman |
Lucid | Won't Fix | High | Scott Kitterman |
Precise | Fix Released | High | Scott Kitterman |
Quantal | Fix Released | High | Scott Kitterman |
Raring | Won't Fix | High | Scott Kitterman |
Saucy | Fix Released | High | Scott Kitterman |
Trusty | Fix Released | High | Scott Kitterman |
Bug Description
A manipulated, but properly authenticated client was able to retrieve
the backlog of other users on the same core in some cases by providing
an appropriate BufferID to the storage engine. Note that proper
authentication was still required, so exploiting this requires
malicious users on your core.
Fixed upstream in 0.9.2.
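The class of flaw described above, shown as an added example that is not Quassel's code: a backlog lookup keyed only on a client-supplied buffer ID, next to a version that binds the lookup to the authenticated session's user. The schema, function names and sample rows are constructed for illustration and are assumptions, not the project's storage layer.

```python
import sqlite3

def make_db():
    """Constructed two-user dataset; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE buffer  (bufferid INTEGER PRIMARY KEY, userid INTEGER NOT NULL);
        CREATE TABLE backlog (messageid INTEGER PRIMARY KEY,
                              bufferid INTEGER NOT NULL, message TEXT);
        INSERT INTO buffer  VALUES (1, 100), (2, 200);
        INSERT INTO backlog VALUES (1, 1, 'alice: private note'),
                                   (2, 2, 'bob: hello');
    """)
    return db

def backlog_unchecked(db, session_user, buffer_id):
    """Flawed pattern: the client-supplied buffer id is the only filter,
    so session_user is never consulted."""
    rows = db.execute(
        "SELECT message FROM backlog WHERE bufferid = ? ORDER BY messageid",
        (buffer_id,))
    return [r[0] for r in rows]

def backlog_checked(db, session_user, buffer_id):
    """Hardened pattern: verify ownership against the authenticated session,
    then keep the owner constraint in the data query as well."""
    owner = db.execute("SELECT userid FROM buffer WHERE bufferid = ?",
                       (buffer_id,)).fetchone()
    if owner is None or owner[0] != session_user:
        # Raising (rather than returning []) lets the server log the attempt.
        raise PermissionError(f"user {session_user} does not own buffer {buffer_id}")
    rows = db.execute(
        "SELECT m.message FROM backlog m JOIN buffer b ON b.bufferid = m.bufferid "
        "WHERE m.bufferid = ? AND b.userid = ? ORDER BY m.messageid",
        (buffer_id, session_user))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print(backlog_unchecked(db, 200, 1))   # user 200 reads user 100's buffer
    try:
        backlog_checked(db, 200, 1)
    except PermissionError as exc:
        print("denied:", exc)
    print(backlog_checked(db, 100, 1))     # the owner still gets the backlog
```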
Changed in quassel (Ubuntu):
assignee: nobody → Scott Kitterman (kitterman)
importance: Undecided → High
status: New → Triaged
Changed in quassel (Ubuntu Lucid):
status: New → Triaged
Changed in quassel (Ubuntu Precise):
status: New → Triaged
Changed in quassel (Ubuntu Quantal):
status: New → Triaged
Changed in quassel (Ubuntu Raring):
status: New → Triaged
Changed in quassel (Ubuntu Saucy):
status: New → Triaged
Changed in quassel (Ubuntu Lucid):
importance: Undecided → High
Changed in quassel (Ubuntu Precise):
importance: Undecided → High
Changed in quassel (Ubuntu Quantal):
importance: Undecided → High
Changed in quassel (Ubuntu Raring):
importance: Undecided → High
Changed in quassel (Ubuntu Saucy):
importance: Undecided → High
Changed in quassel (Ubuntu Lucid):
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Precise):
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Quantal):
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Raring):
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Saucy):
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Trusty):
status: Triaged → In Progress
This bug was fixed in the package quassel - 0.9.2-0ubuntu1
---------------
quassel (0.9.2-0ubuntu1) trusty; urgency=low
* New upstream release
- Includes fix for cross-user data exposure in the core (LP: #1255362)
-- Scott Kitterman <email address hidden> Tue, 26 Nov 2013 19:56:06 -0500