Re: Serious attack vector on pkcheck ignored by Red Hat




On Thu, 2017-02-02 at 07:16 -0800, Gordon Messmer wrote:
> On 02/02/2017 06:51 AM, Leonard den Ottolander wrote:
> > pkcheck might not be directly vulnerable. However, pkexec is.
> 
> 
> If that's so, why are you supplying patches to pkcheck rather than 
> fixing pkexec?

The patch has a fix for three memory leaks: one memory leak in pkexec.c
that allows heap spraying, which according to the aforementioned article
is *directly* exploitable and has been fixed upstream. (Check the
references I provided.)

Two similar memory leaks exist in pkcheck.c, for which I also provided
patches. Even though these might not be so easily exploitable, the memory
leaks in themselves allow a local attacker to "spray the heap", which
makes it easier for him to leverage an attack. You do not want to allow
an attacker to have such potent tools readily available.

Memory leaks are always bad, but these are seriously bad because they
are attacker controlled.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos