[Bug 1158365] New: VUL-0: CVE-2019-5164: code execution vulnerability in the ss-manager binary of Shadowsocks-libev 3.3.2

http://bugzilla.opensuse.org/show_bug.cgi?id=1158365

Bug ID: 1158365
Summary: VUL-0: CVE-2019-5164: code execution vulnerability in the ss-manager binary of Shadowsocks-libev 3.3.2
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/248330/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: hillwoodroc@gmail.com
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5164
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1158365
http://bugzilla.opensuse.org/show_bug.cgi?id=1158365#c1

--- Comment #1 from Robert Frohl <rfrohl@suse.com> ---
Fixed by version 3.3.3 [0] too.

Nothing left to do once these are released:
https://build.opensuse.org/request/show/753248 15.0 / shadowsocks-libev
https://build.opensuse.org/request/show/753255 15.1 / shadowsocks-libev

[0] https://github.com/shadowsocks/shadowsocks-libev/issues/2537