oss-sec mailing list archives
Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 14 Dec 2015 16:03:42 +0100
On 12/14/2015 12:59 AM, halfdog wrote:
> Here they are. I have got feedback that at least Suse is not affected by that. As the affected configuration seems to be not so common and also the impact is not really high - usually no user-controllable services are run as user "man" - this should not be a great deal. It is just something to fix sometime, which should be possible now for more people as the information is now publicly available.
>
> [1] http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
> [2] http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/

I think systemd-tmpfiles can also have this issue, depending on system configuration. It's been assigned CVE-2013-4392, and has not been fixed anywhere, as far as I know.

Florian