CVE-2018-8087 and CVE-2016-4998 #218
Conversation
cves/kernel/CVE-2016-4998.yml
Outdated
| @@ -55,7 +55,7 @@ description_instructions: | | |||
|
|
|||
| Your target audience is people just like you before you took any course in | |||
| security | |||
| description: | |||
| description: underprivileged users were able to call a command normally limited to root. This allows for underprivileged user root access. | |||
There was a problem hiding this comment.
First sentence should be capitalized. Also, the official CVE description contains more information about the vulnerability than this description does. As a reader, I'm left wondering "What was the command? How were underprivileged users able to access it? What impacts could exploiting this vulnerability have?" I would suggest adding this context to your description.
cves/kernel/CVE-2016-4998.yml
Outdated
| automated: | ||
| contest: | ||
| developer: | ||
| answer: This vulnerability was found by using a fuzzer tool on the linux kernel |
There was a problem hiding this comment.
Missing period at end of sentence.
cves/kernel/CVE-2016-4998.yml
Outdated
| @@ -167,8 +153,8 @@ autodiscoverable: | |||
|
|
|||
| The answer field should be boolean. In answer_note, please explain | |||
| why you come to that conclusion. | |||
| note: | |||
| answer: | |||
| note: This was discovered by an automated fuzzer | |||
There was a problem hiding this comment.
Missing period at end of sentence.
| @@ -184,8 +170,8 @@ specification: | |||
|
|
|||
| The answer field should be boolean. In answer_note, please explain | |||
| why you come to that conclusion. | |||
| note: | |||
| answer: | |||
| note: there was no violation of any standard as this was a memory spacing issue. | |||
There was a problem hiding this comment.
First word in sentence should be capitalized.
cves/kernel/CVE-2016-4998.yml
Outdated
| note: | ||
| i18n: | ||
| answer: false | ||
| note: This did not have to do with i18n as it was an issue with having access to too much memory |
There was a problem hiding this comment.
Missing period at end of sentence.
cves/kernel/CVE-2016-4998.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: This did not violate a sandboxing feature that the system provides |
There was a problem hiding this comment.
Missing period at end of sentence.
cves/kernel/CVE-2016-4998.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: no IPC was occuring. |
There was a problem hiding this comment.
First word in sentence should be capitalized.
cves/kernel/CVE-2016-4998.yml
Outdated
| note: | ||
| discussed_as_security: false | ||
| any_discussion: false | ||
| note: there was minimal discussion as this was discovered then immediately fixed |
There was a problem hiding this comment.
Missing period and first word in sentence should be capitalized.
cves/kernel/CVE-2016-4998.yml
Outdated
| answer: | ||
| note: | ||
| answer: false | ||
| note: the only discussion present was during fuzzing the kernel. |
There was a problem hiding this comment.
First word in sentence should be capitalized. Also this information is not correct as the commit that fixed the issue was signed off on by Florian Westphal and Pablo Neira Ayuso.
cves/kernel/CVE-2016-4998.yml
Outdated
| note: | ||
| any_stacktraces: false | ||
| stacktrace_with_fix: false | ||
| note: no stacktrace as this was discovered by fuzzing and posted on a forum. |
There was a problem hiding this comment.
First word in sentence should be capitalized.
cves/kernel/CVE-2016-4998.yml
Outdated
| answer: | ||
| note: | ||
| answer: true | ||
| note: there was a missing check to see that the data being accessed was within the active blob |
There was a problem hiding this comment.
Missing period and first word in sentence should be capitalized. Also "the data being accessed was within the active blob" feels a little too jargony for readers without further explanation.
cves/kernel/CVE-2016-4998.yml
Outdated
| @@ -369,7 +322,7 @@ order_of_operations: | |||
| Answer must be true or false. | |||
| Write a note about how you came to the conclusions you did, regardless of | |||
| what your answer was. | |||
| answer: | |||
| answer: false | |||
| note: | |||
cves/kernel/CVE-2016-4998.yml
Outdated
| nickname_instructions: | | ||
| A catchy name for this vulnerability that would draw attention it. | ||
| If the report mentions a nickname, use that. | ||
| Must be under 30 characters. Optional. | ||
| nickname: | ||
| CVSS: | ||
| nickname: out of blob memory access |
There was a problem hiding this comment.
Looking at the other vulnerabilities on the VHP website, this should be capitalized like a title for consistency.
cves/kernel/CVE-2016-4998.yml
Outdated
| @@ -467,11 +420,10 @@ CWE_instructions: | | |||
| CWE: | |||
| - 119 | |||
| CWE_note: | | |||
| CWE as registered in the NVD. If you are curating, check that this | |||
| is correct and replace this comment with "Manually confirmed". | |||
| manually confirmed | |||
cves/kernel/CVE-2016-4998.yml
Outdated
| @@ -448,7 +401,7 @@ mistakes: | |||
|
|
|||
| Write a thoughtful entry here that people in the software engineering | |||
| industry would find interesting. | |||
| answer: | |||
| answer: There was a forgotten check that made a small error. This mistake was most likely a lapse during development | |||
There was a problem hiding this comment.
Last sentence missing period. Also what was the lapse in judgement? The reader may not look at the source code, so I would suggest including a high-level description of the check that was forgotten.
Completed yaml files for CVE-2018-8087 and CVE-2016-4998