Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: tmux local denial of service (2009)
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 09 Jan 2014 20:06:16 +0100

On 01/09/2014 07:44 PM, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

allows users to override the socket path using the -S command line option.

We'd like to consider this ineligible for a CVE unless there's new
information. In many cases, "ability to cause an inconvenience" is not
sufficient for a CVE assignment. The nature of the application
apparently makes it unlikely that this would, for example, disrupt
unattended root-executed scripts that have a hardcoded tmux command
line.

I reported this here because tmux is sometimes used to start servers on system boot:

http://unix.stackexchange.com/questions/71372/using-tmux-on-boot-up-of-linux-centos
http://askubuntu.com/questions/62434/why-does-upstart-keep-respawning-my-process
https://bowerstudios.com/node/953
http://code.google.com/p/webrtc2sip/issues/detail?id=80

--
Florian Weimer / Red Hat Product Security Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault