Bug 549191 (CVE-2019-11773) - RPATHs on AIX
Status: RESOLVED FIXED
Alias: CVE-2019-11773
Product: OMR
Classification: Technology
Component: General
Version: unspecified
Hardware: PC Mac OS X
Importance: P3 normal
Target Milestone: ---
Assignee: Project Inbox CLA
URL: https://cve.mitre.org/cgi-bin/cvename...
Keywords: security
Reported: 2019-07-11 14:21 EDT by Charlie Gracie CLA
Modified: 2019-09-16 13:18 EDT
Description Charlie Gracie CLA 2019-07-11 14:21:11 EDT
project: Eclipse OMR
versions: all

cwe: CWE-264
http://cwe.mitre.org/data/definitions/264.html
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. 

summary:
AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. 


- see also https://nvd.nist.gov/vuln/detail/CVE-2018-1890
Comment 1 Mark Stoodley CLA 2019-07-17 10:08:32 EDT
This problem has been resolved via
https://github.com/eclipse/omr/pull/4136
Comment 2 Wayne Beaton CLA 2019-07-18 09:35:22 EDT
I've assigned CVE-2019-11773
Comment 3 Wayne Beaton CLA 2019-09-12 12:24:27 EDT
The project's 0.1 release is scheduled for September 18. Shall I update the version on this CVE to be "all versions prior to 0.1" and submit?
Comment 4 Mark Stoodley CLA 2019-09-12 12:27:46 EDT
Sure, sounds reasonable to me (in the absence of any explicit way to refer to such "releases" :) )
Comment 5 Wayne Beaton CLA 2019-09-12 13:07:00 EDT
I've created a pull-request with the central authority.

https://github.com/CVEProject/cvelist/pull/2543