oss-sec mailing list archives

util-linux 2.29.2 fixes CVE-2017-2616

From: Marcus Meissner <meissner () suse de>
Date: Thu, 23 Feb 2017 08:46:30 +0100

Hi,

util-linux 2.29.2 fixes CVE-2017-2616, a race condition which allowed local users
to kill other processes.

https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes

"
  It is possible for any local user to send SIGKILL to other processes with root
  privileges.  To exploit this, the user must be able to perform su with a
  successful login.  SIGKILL can only be sent to processes which were executed
  after the su process.  It is not possible to send SIGKILL to processes which
  were already running.
"

Root cause of the flaw that a regular exit of the child process and the su ctrl-c kill of the
child PID could race and so you would be able to later started process with this specific PID.

The fix is here:
https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891

Ciao, Marcus

Current thread:

util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 22)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
  - Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
    - Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)