Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 26 Aug 2016 15:32:07 -0400 (EDT)
From: cve-assign@...re.org
To: vdronov@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://www.spinics.net/lists/linux-fsdevel/msg98328.html
> http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
> https://bugzilla.redhat.com/show_bug.cgi?id=1368938
> 
> When file permissions are modified via chmod(2) and the user is not in
> the owning group or capable of CAP_FSETID, the setgid bit is cleared in
> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
> permissions as well as the new ACL, but doesn't clear the setgid bit in
> a similar way; this allows to bypass the check in chmod(2).

Use CVE-2016-7097.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXwJjjAAoJEHb/MwWLVhi284YP/ihwFVoOjVLV9YP0yvlP/659
WSAvWtzaMIG6QuQvvJ5G9SdEhHTr7Jj1kvG0ro1pVKLHp7qjyJaKpGBTQHCcLJiP
Y90qISQr59A9ar25u7TuCEzsBxmIxgj474jk8PQQDG3AgekMfxyWYRFiowpzZW1i
oi4ruafp0pXwIj11iXtQH0fsyDfSZ19R9q7xCxm7P6aJKHT8OyJBcsvHmKunBodx
usfOWEPslskKWXkR5QPLVJdDmUaemDQTWqoVxUW3DjKBqda6YnmUWlV2DcQNpKxz
BOoak6kfSk9Oo8o37TGvFSqSRr5TEADZXQtIHSOpojK97AWY9MS1wDQI4Vw67Ift
626pc/Eg7eI/kSXuY+/v3XFK9P5Eml9xrciRyeQEQYbU3+jYNZ36QT0mSx/wniq4
Y9WsYw2r+FxQjj9F4Er3LEBKdGEv9Zz1B359/VvP747wIC9QYGI6X88PGxlFmp0I
zU/lSHz0K3hp/3tAjfs9LeGNZmjW6JJqfbX0EBReF1OL1UexbXrEZ2AYWuP6x0E9
UjrGrADbN/d6ZJljO2cgtGZURfiek3c8dFBrq44Brc4ZRs3zK5YbEORXbFd44gWM
PRJnTHnfb+FVMcPVmeWgobMDMGjzXB6JTceS8gS6+9SNdnYgKsMuQ7ZTmAEIG2zV
OmwRfyzqMNzGOiB7/ZS/
=9rZk
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.