On 5/29/25 02:46, Simon McVittie wrote:
> On Tue, 27 May 2025 at 14:43:44 -0700, Alan Coopersmith forwarded:
>> The vulnerability is exploitable when:
>> 1. A user passes the key specification in traditional format (+0.18446744073709551615R)
>
> How would an attacker trigger this? Is this only exploitable if the attacker has
> control over the sort key (equivalent of -k), *and* the key is passed in to
> sort(1) via the traditional +POS syntax rather than the POSIX -k option?
An excellent question, but I don't know if the people who were involved in
making the decision are on this list. (I wasn't, and was just passing on
the information I'd found.)
https://www.cve.org/CVERecord?id=CVE-2025-5278 says that Red Hat was the CNA
who issued the CVE - perhaps they have some insight?
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris