oss-sec mailing list archives
Re: CVE request -- linux kernel: overlay: fix permission checking for setattr
From: cve-assign () mitre org
Date: Wed, 23 Dec 2015 16:46:03 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A flaw was found in the overlay filesystem of the Linux kernel which allows an unprivileged user to change attributes of the files in the overlay, particularly allowing access to root-only-accessible files like '/etc/shadow'.
https://bugzilla.redhat.com/show_bug.cgi?id=1291329
A security issue was fixed in kernel 4.4-rc4 resolving the bypassing of filesystem permission checks in overlayfs during the initial copy_up.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545
Having these two ->setattr() (one to set verbatim copy of metadata, another to do what overlayfs ->setattr() had been asked to do in the first place) combined is where it breaks.
Use CVE-2015-8660. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWexUMAAoJEL54rhJi8gl5IEsQAMv5QaeC971YMHtFge/V5U+A 8YW0e6efEGffyK8VMPAxDsaXmaCfzw/tSPQvyERnU1dpBaleYq9XxBQ5nmDlOjV0 0StYAYlWt+WWuKxbcGM0YeQA6oNTnA0repZ/BRztGGYsXmshi/4X/UKSCyM08Ii7 vh/kWCfA9B3XpCyAB/Iqk3WUHJSULP0hJTvRXA31857+GNav/F4SwkyHRqoQR2G7 5A4MkGK8OPpRjarCyFRqkSogQc3b3lOkxwoBHFSzOREL2r67xDVPdD3ZDWU0MLSs 5V+qV+YmQvPOHNGVa3LuKHEmkgY0eLsSivEatgEb8JHjBLPD2+d+PRVg9fltC+Vi /hlXWAIjIYhaKK8D/dt8wEJjosdSA4rcS2VrCX3XYQgd5GBqYWQWftoT5dBTPnDk 1XZrkwo2cJSt/55GwGgBLuN/NF1G/nfEesqIHRg1u4rl3+Zg/SfWhtBE6qGG5BOI ei1c1GHi2HuqiAMzonFpkANNMEYwOTajfHfwI2ueMCWZ6L7kX279ZJYj1y1E0l5t vtcVb30TvCzkfaul1UmfomYpR38eVAvhX6XT4xziGPTzgWcdO4EYvxVPyLYYo3FE lE8iPTiVtkAyjb+jEN2hW9nRQ5bjTgbQ9tSXWCjqdxkcLCY3gmQ0BvaG7r20HkoM qX0+9OIXeKUYum3VRc1l =OtE0 -----END PGP SIGNATURE-----
Current thread:
- CVE request -- linux kernel: overlay: fix permission checking for setattr Vladis Dronov (Dec 23)
- Re: CVE request -- linux kernel: overlay: fix permission checking for setattr cve-assign (Dec 23)