Bug 1714855 - libqb: privileged IPC client naively prone to truncating/deleting semi-arbitrary files even if otherwise protected from an unprivileged IPC server
Summary: libqb: privileged IPC client naively prone to truncating/deleting semi-arbitr...
Keywords:
Status: CLOSED DUPLICATE of bug 1695948
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1695950
TreeView+ depends on / blocked
 
Reported: 2019-05-29 04:28 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-16 21:53 UTC (History)
13 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-04-21 07:02:36 UTC
Embargoed:

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2019-05-29 04:28:18 UTC 
A flaw was found in libqb in which a privileged client application linked against libqb could overwrite arbitrary files it has access to with at least partially attacker controlled data which could cause the following consequences:

- either such arbitrary file can be intentionally shrunk from original, bigger size (allowing an attacker to refine the granularity for some other brute-force extraction of the original file content, for instance, when combine with an issue akin to CVE-2013-4209.

- or such file can be blown from its original size possibly causing DoS (due to limited storage capacity), unless the underlying FS support sparse files (?)
Comment 1 Huzaifa S. Sidhpurwala 2019-05-29 04:28:28 UTC 
Acknowledgments:

Name: Jan Pokorný (Red Hat)
Comment 4 Huzaifa S. Sidhpurwala 2020-04-21 07:02:36 UTC 

*** This bug has been marked as a duplicate of bug 1695948 ***
Note You need to log in before you can comment on or make changes to this bug.