{{{
Description
===========

- CVE-2016-8605 (information disclosure)

The mkdir procedure of GNU Guile, an implementation of the
Scheme programming language, temporarily changed the
process' umask to zero. During that time window, in a
multithreaded application, other threads could end up
creating files with insecure permissions. For example, mkdir
without the optional mode argument would create directories
as 0777.

- CVE-2016-8606 (arbitrary code execution)

It was reported that the REPL server is vulnerable to the
HTTP inter-protocol attack. This constitutes a remote code
execution vulnerability for developers running a REPL server
that listens on a loopback device or private network.
Applications that do not run a REPL server, as is usually
the case, are unaffected.

Impact
======

A remote attacker is able to execute arbitrary code via an HTTP
inter-protocol attack if the REPL server is listening on a
loopback device or private network.

Running a multi-threaded Guile application can cause
directories or files to be created with world
readable/writable/executable permissions during a small window
which leads to information disclosure.
}}}

[http://www.openwall.com/lists/oss-security/2016/10/11/1]

[http://www.openwall.com/lists/oss-security/2016/10/12/2]
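
As an added illustration of the CVE-2016-8605 race (not Guile's own code and not part of the advisory), the C sketch below shows that zeroing the umask affects the whole process: a file created while the mask is 0 receives 0666, whereas requesting 0777 from mkdir and letting the kernel apply the umask needs no such window. The function names and demo paths are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file as an unrelated thread would (requested mode 0666) and
   return the permission bits it actually received, or -1 on error. */
int created_file_mode(const char *path)
{
    struct stat st;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Racy pattern: the mask is 0 for every thread until it is restored.
   `path` stands in for a file another thread creates in that window. */
int mode_seen_during_umask_window(const char *path)
{
    mode_t saved = umask(0);            /* window opens */
    int mode = created_file_mode(path);
    umask(saved);                       /* window closes */
    return mode;
}

/* Race-free default-mode mkdir: request 0777 and let the kernel apply the
   umask itself. Returns the directory's permission bits, or -1. */
int mkdir_default_mode(const char *path)
{
    struct stat st;
    if (mkdir(path, 0777) != 0) return -1;
    int rc = stat(path, &st);
    rmdir(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    umask(077);                         /* constructed demo setting */
    printf("window %04o, normal %04o, mkdir %04o\n",
           (unsigned)mode_seen_during_umask_window("demo.f"),
           (unsigned)created_file_mode("demo.f"), (unsigned)mkdir_default_mode("demo.d"));
    return 0;
}
```

In a real multithreaded program the file in the window is created by a different thread; the single-threaded call here only makes the outcome deterministic.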