Bug 837011 (CVE-2013-2905) - VUL-1: CVE-2013-2905: chromium: weak permissions under /dev/shm/ allow attackers to obtain sensitive information
Summary: VUL-1: CVE-2013-2905: chromium: weak permissions under /dev/shm/ allow attack...
Status: RESOLVED FIXED
Alias: CVE-2013-2905
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Forgotten User sM9JzehKpy
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-27 13:35 UTC by Matthias Weckbecker
Modified: 2013-11-21 14:13 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2013-08-27 13:35:54 UTC 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CVE-2013-2905
======================================================
Name: CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chr
ome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows atta
ckers to obtain sensitive information via direct access to a POSIX shared-memory
 file.


Reference: CONFIRM: https://src.chromium.org/viewvc/chrome?revision=209814&view=
revision
Reference: CONFIRM: http://googlechromereleases.blogspot.com/2013/08/stable-chan
nel-update.html
Reference: CONFIRM: http://crbug.com/254159
Comment 1 Marcus Meissner 2013-11-21 14:13:30 UTC 
as we released newer chromiums alerady, this is probably fixed