[Bug 931208] New: VUL-0: CVE-2015-3887: Re: CVE request for proxychains-ng : current path as the first directory for the library search path
http://bugzilla.suse.com/show_bug.cgi?id=931208 Bug ID: 931208 Summary: VUL-0: CVE-2015-3887: Re: CVE request for proxychains-ng : current path as the first directory for the library search path Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance Assignee: bnc-team-screening@forge.provo.novell.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- Via oss-security. http://seclists.org/oss-sec/2015/q2/415 ... proxychains4, which firstly sets LD_PRELOAD to dlopen libproxychains4.so (contained in the same binary rpm) and execvp() the arbitrary command user has specified. Looking at the code, this program (proxychains4) sets the current directory as the first path to search libproxychains4.so. ref: https://github.com/rofl0r/proxychains-ng/blob/master/src/main.c#L35 Use CVE-2015-3887. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3887 http://seclists.org/oss-sec/2015/q2/430 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3887 https://bugzilla.redhat.com/show_bug.cgi?id=1147013 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=931208
Alexander Bergmann
http://bugzilla.suse.com/show_bug.cgi?id=931208
Alexander Bergmann
http://bugzilla.suse.com/show_bug.cgi?id=931208
Alexander Bergmann
http://bugzilla.suse.com/show_bug.cgi?id=931208
--- Comment #1 from Alexander Bergmann
http://bugzilla.suse.com/show_bug.cgi?id=931208
Alexander Bergmann
participants (1)
-
bugzilla_noreply@novell.com