Date: Mon, 14 Dec 2015 14:31:13 -0500 (EST) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ > http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ The MITRE CVE team doesn't exactly know what we can do with these references. The first one mentions a CVE ID from Ubuntu, CVE-2015-1336, but http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html doesn't yet exist. Possibly the CVE ID is supposed to be for use of "chown man" in /etc/cron.daily/man-db within both Ubuntu and Debian distributions. The second one doesn't mention any CVE ID. Would it be useful for MITRE to assign a CVE ID for the permissions/ownerships error of: drwxr-sr-x 25 man root 4096 May 15 00:40 /var/cache/man ? Our understanding is that this is, more or less, currently unsupported by the Linux kernel. In other words, it is not valid to choose that specific set of permissions/ownerships if one is concerned about an attack by someone with the uid of the man account. This issue affects both Ubuntu and Debian distributions. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWbxiyAAoJEL54rhJi8gl552wP/3D/YIy6rhxrmiWHUXu0gxAA Xq8HHyVOTT1o1ZWmY/BkKWfGXMjD0CcE46ie0e2nqaT2DBtcr94n3djJ7TeAcrjf D8lS7TTqMzO5IjR0kAWxxj9UzwUeKDjQk7//u4RGm1+5zm6wx3V9ES5Ey3I7eBu9 +Xb92pIl00PFaJ0xR8mYXiwBYtEDXgeY3F7AXeVWU+yGlfgJ+vZYJvb8wCm/daYE 6Flg2+6ij2UUjx5UJd1SG6k1j7vfzWHYf0nqJvZwyTUN/ljBV3Nq4Q2er/4DYsaQ g+hEC3g3hFVqfeJKyi1fBFmk784bCR3hrBXPiwEB+61bFTIpXSX55sZiaqlKxFad LcJqOUDkqUlhR0+KUIXYgVEKHPrmJtfJZAbZdZYpNuduSnVsS7T+A5ub3Brz1CZs zaIwemEIgKV5o9YRSF51ZBWj2yecUdkpQ53388b0NyHCx+g9G1w4CpLxnKtVZJOm YYp1kn3HgqXJ1l2L5HrDlrNW0KN6P6YrxgG6lr0gUwVd96ER8823m95kteiEik2p J+SWLnphlWvSjVUU3Bwlg/iHzOOY2HOPycEb/SJhqg6FTGzs55QPkrSQnU4hdOgF EojG2z3HzXcB6edefm/O/WWhosQ+NJhxdaO4/rnTxtfV2sokt/6988eiK8to7kdk gGnY6T6rbsl7x+DBnpHr =lZEJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.