On Wed, Jun 19, 2024 at 9:47 AM Lev Stipakov <lstipa...@gmail.com> wrote:
> At the moment everyone but anonymous are permitted > to create a pipe with the same name as interactive service creates, > which makes it possible for malicious process with SeImpersonatePrivilege > impersonate as local user. > > This hardens the security of the pipe, making it possible only for > processes running as SYSTEM (such as interactive service) create the > pipe with the same name. > > While on it, replace EXPLICIT_ACCESS structures with SDDL string. > > CVE: 2024-4877 > > Change-Id: I35e783b79a332d247606e05a39e41b4d35d39b5d > Reported by: Zeze with TeamT5 <zez...@gmail.com> > Signed-off-by: Lev Stipakov <l...@openvpn.net> > --- > v2: > - ensure that sd is freed even if pipe creation failed > - added Reported-By > Acked-by: Selva Nair <selva.n...@gmail.com>
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel