Bug 864224 – VUL-1: CVE-2014-1845: enlightenment: hardnening default parameters

Bug 864224 - (CVE-2014-1845) VUL-1: CVE-2014-1845: enlightenment: hardnening default parameters

(CVE-2014-1845)
Summary:	VUL-1: CVE-2014-1845: enlightenment: hardnening default parameters

Status:	RESOLVED DUPLICATE of bug 861564

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other openSUSE 13.1

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assigned To:	Jan Matejek
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/96258/
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2014-1846
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-02-17 07:31 UTC by Victor Pereira
Modified:	2014-02-19 12:38 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2014-02-17 07:31:11 UTC

CVE-2014-1845

clear out environment as best is possible before executing anything. especially PATH and IFS are set to minimal base defaults. also use clearenv() if available and unsetenv() 

remove gdb method as it's just too dangerous. run it as normal as the user and if the kernel / distro dny that - then sorry. too bad.


References:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1845.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1845

Comment 1 Jan Matejek 2014-02-17 12:16:01 UTC

this CVE is a subset of issues tracked in bug 861564

*** This bug has been marked as a duplicate of bug 861564 ***