[Bug 1255362] [NEW] Clients may be able to access buffers belonging to other users
Scott Kitterman
ubuntu at kitterman.com
Wed Nov 27 00:37:50 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
A manipulated, but properly authenticated client was able to retrieve
the backlog of other users on the same core in some cases by providing
an appropriate BufferID to the storage engine. Note that proper
authentication was still required, so exploiting this requires
malicious users on your core.
Fixed upstream in 0.9.2.
** Affects: quassel (Ubuntu)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Lucid)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Precise)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Quantal)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Raring)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Saucy)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Affects: quassel (Ubuntu Trusty)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Changed in: quassel (Ubuntu)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: quassel (Ubuntu)
Importance: Undecided => High
** Changed in: quassel (Ubuntu)
Status: New => Triaged
** Also affects: quassel (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: quassel (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: quassel (Ubuntu Raring)
Importance: Undecided
Status: New
** Also affects: quassel (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: quassel (Ubuntu Trusty)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Triaged
** Also affects: quassel (Ubuntu Quantal)
Importance: Undecided
Status: New
** Changed in: quassel (Ubuntu Lucid)
Status: New => Triaged
** Changed in: quassel (Ubuntu Precise)
Status: New => Triaged
** Changed in: quassel (Ubuntu Quantal)
Status: New => Triaged
** Changed in: quassel (Ubuntu Raring)
Status: New => Triaged
** Changed in: quassel (Ubuntu Saucy)
Status: New => Triaged
** Changed in: quassel (Ubuntu Lucid)
Importance: Undecided => High
** Changed in: quassel (Ubuntu Precise)
Importance: Undecided => High
** Changed in: quassel (Ubuntu Quantal)
Importance: Undecided => High
** Changed in: quassel (Ubuntu Raring)
Importance: Undecided => High
** Changed in: quassel (Ubuntu Saucy)
Importance: Undecided => High
** Changed in: quassel (Ubuntu Lucid)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: quassel (Ubuntu Precise)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: quassel (Ubuntu Quantal)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: quassel (Ubuntu Raring)
Assignee: (unassigned) => Scott Kitterman (kitterman)
** Changed in: quassel (Ubuntu Saucy)
Assignee: (unassigned) => Scott Kitterman (kitterman)
--
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1255362
Title:
Clients may be able to access buffers belonging to other users
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1255362/+subscriptions
More information about the kubuntu-bugs
mailing list