oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE request] Local privilege escalation in libfep

From: Florian Weimer <fweimer () redhat com>
Date: Thu, 05 Jun 2014 13:40:02 +0200
It was discovered that libfep uses UNIX domain sockets in the abstract namespace in an insecure way. As a result, unprivileged local users were able to inject commands into running fep sessions of other users.
The upstream fix simply removes abstract namespace support, using a restricted directory to host the UNIX domain socket instead: 

https://github.com/ueno/libfep/commit/293d9d3f

Abstract namespace support was introduced in this commit:

https://github.com/ueno/libfep/commit/5a170323
This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable, and 0.1.0 has the fix. 

--
Florian Weimer / Red Hat Product Security Team
Previous By Date Next
Previous By Thread Next

Current thread: