oss-sec mailing list archives
Re: local privilege escalation due to capng_lock as used in seunshare
From: cve-assign () mitre org
Date: Wed, 7 May 2014 23:29:13 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We think there should be a CVE ID for the combination of these two observations: 1. seunshare is intended to be setuid root (see the http://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile file) 2. dropping privileges no longer makes the traditional change to the saved set-user-ID, as shown by the getresuid example in the http://openwall.com/lists/oss-security/2014/04/30/4 post Use CVE-2014-3215. This message obviously isn't intended to contribute to the technical discussion of how the design of seunshare and other software led to this state. Also, nobody has sent MITRE's cve-assign team a PoC in which running seunshare contributes to a privilege escalation. CVE-2014-3215 might be considered an "exposure." Essentially, running seunshare is a way to bypass a potentially important protection mechanism, and that wasn't a documented effect of installing seunshare. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk XmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM TMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5 wT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h ZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ K2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU= =P4Px -----END PGP SIGNATURE-----
Current thread:
- Re: local privilege escalation due to capng_lock as used in seunshare, (continued)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
- Re: Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Daniel J Walsh (May 01)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare John Haxby (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare cve-assign (May 07)