Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Dec 2015 16:03:42 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: User man Local Root Exploit/Linux Kernel setgid
 Directory Privilege Escalation/PAM Owner Check Weakness

On 12/14/2015 12:59 AM, halfdog wrote:

> Here they are. I have got feedback, that at least Suse is not affected
> by that. As the affected configuration seems to not so common and also
> impact is not really high - usually no user-controllable services are
> run as user "man" - this should not be a great deal. It is just
> something to fix sometime, which should be possible now for more
> people as information now publicly available.
> 
> [1]
> http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
> 
> [2]
> http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/

I think systemd-tmpfiles can also have this issue, depending on system
configuration.  It's been assigned CVE-2013-4392, and has not been fixed
anywhere, as far as I know.

Florian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ