Bug 549191 (CVE-2019-11773)

Summary: RPATHs on AIX
Product: [Technology] OMR
Component: General
Status: RESOLVED FIXED
Severity: normal
Priority: P3
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Mac OS X
Reporter: Charlie Gracie <charlie.gracie>
Assignee: Project Inbox <omr-inbox>
QA Contact:
CC: mstoodle, rwy0717, wayne.beaton, youngar17
Keywords: security
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11773
Whiteboard:

Description Charlie Gracie CLA 2019-07-11 14:21:11 EDT
project: Eclipse OMR
versions: all

cwe: CWE-264
http://cwe.mitre.org/data/definitions/264.html
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. 

summary:
AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 


- see also https://nvd.nist.gov/vuln/detail/CVE-2018-1890
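
As an added illustration (not code from Eclipse OMR or from this bug report), one way to audit a library search path of the kind the summary describes. It assumes the colon-separated path has already been read out of the binary; the function name, the `trusted_uids` parameter and the sample path are made up for this example.

```python
import os
import stat


def audit_search_path(libpath, trusted_uids=(0,)):
    """Return (entry, reason) pairs for risky entries of a colon-separated
    library search path. An empty list means nothing was flagged."""
    findings = []
    for entry in libpath.split(":"):
        if not os.path.isabs(entry):
            # Empty or relative entries do not name a fixed directory.
            findings.append((entry, "not an absolute path"))
            continue
        # Check the directory and every ancestor: whoever can write to any
        # of them controls which libraries are found under this entry.
        path = os.path.normpath(entry)
        while True:
            try:
                st = os.stat(path)
            except OSError as exc:
                # Missing or unreadable component, e.g. a build-time
                # directory that does not exist on the installed system.
                findings.append((entry, f"{path}: {exc.strerror}"))
            else:
                if st.st_uid not in trusted_uids:
                    findings.append((entry, f"{path} owned by uid {st.st_uid}"))
                if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((entry, f"{path} is group- or world-writable"))
            parent = os.path.dirname(path)
            if parent == path:  # reached the filesystem root
                break
            path = parent
    return findings


if __name__ == "__main__":
    # Constructed sample path, not taken from any real OMR binary.
    sample = "/usr/lib:/lib:/home/builder/work/lib"
    for entry, reason in audit_search_path(sample):
        print(f"{entry!r}: {reason}")
```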
Comment 1 Mark Stoodley CLA 2019-07-17 10:08:32 EDT
This problem has been resolved via
https://github.com/eclipse/omr/pull/4136
Comment 2 Wayne Beaton CLA 2019-07-18 09:35:22 EDT
I've assigned CVE-2019-11773
Comment 3 Wayne Beaton CLA 2019-09-12 12:24:27 EDT
The project's 0.1 release is scheduled for September 18. Shall I update the version on this CVE to be "all versions prior to 0.1" and submit?
Comment 4 Mark Stoodley CLA 2019-09-12 12:27:46 EDT
Sure, sounds reasonable to me (in the absence of any explicit way to refer to such "releases" :) )
Comment 5 Wayne Beaton CLA 2019-09-12 13:07:00 EDT
I've created a pull-request with the central authority.

https://github.com/CVEProject/cvelist/pull/2543