Re: [VULN 4/4] Process auth man-in-the-middle

To: Sergey Bugaev <bugaevc@gmail.com>, bug-hurd@gnu.org
Cc: debian-hurd@lists.debian.org, ludo@gnu.org, guix-devel@gnu.org, samuel.thibault@gnu.org, jlledom@mailfence.com, jbranso@dismail.de, rbraun@sceen.net
Subject: Re: [VULN 4/4] Process auth man-in-the-middle
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 9 Nov 2021 09:39:47 +1300
Message-id: <[🔎] eccc5f26-0539-405e-443b-4b0fe8bcb531@treenet.co.nz>
In-reply-to: <[🔎] 20211102163121.415934-5-bugaevc@gmail.com>
References: <[🔎] 20211102163121.415934-1-bugaevc@gmail.com> <[🔎] 20211102163121.415934-5-bugaevc@gmail.com>

On 3/11/21 05:31, Sergey Bugaev wrote:

Short description
=================

The use of authentication protocol in the proc server is vulnerable to
man-in-the-middle attacks, which can be exploited for local privilege escalation
to get full root access to the system.


This has been assigned CVE-2021-43414


Amos

Reply to:

References:
- [VULN 0/4] Hurd vulnerability details
  - From: Sergey Bugaev <bugaevc@gmail.com>
- [VULN 4/4] Process auth man-in-the-middle
  - From: Sergey Bugaev <bugaevc@gmail.com>

Prev by Date: Re: [VULN 3/4] setuid exec race
Next by Date: Re: [VULN 0/4] Hurd vulnerability details
Previous by thread: Re: [VULN 4/4] Process auth man-in-the-middle
Next by thread: Re: [VULN 0/4] Hurd vulnerability details
Index(es):
- Date
- Thread