Re: CVE Request: seunshare and setexeccon issues

[Andy Lutomirski <luto () amacapital net>]

On Mon, May 12, 2014 at 12:26 PM, Solar Designer <solar () openwall com> wrote:
> On Mon, May 12, 2014 at 12:21:49PM -0700, Andy Lutomirski wrote:
> > On Mon, May 12, 2014 at 12:16 PM, Solar Designer <solar () openwall com> wrote:
> > > On Mon, May 12, 2014 at 10:34:00AM -0700, Andy Lutomirski wrote:
> > > > I'm not sure how many CVE numbers should be assigned here.  As far as
> > > > I know, none have been assigned so far.
> > >
> > > I think you missed this:
> > >
> > > http://www.openwall.com/lists/oss-security/2014/05/08/1
> > >
> > > in which CVE-2014-3215 was assigned.
> >
> > I did.  Thanks.
>
> Does your CVE request still stand, or are you satisfied with this one
> CVE id for the interaction (not for a particular component)?

I think that one CVE is for the interaction is fine.

> > FWIW, it appears that common exim configurations are vulnerable, so
> > this might be worse than just an exposure.
>
> Please try to demo this.  Thanks!

I can give it a shot, but there's no ETA, since I have no clue how to
use exim.  I just looked at the source, and it appears to use setuid
(as opposed to setresuid) to drop privileges, and it will dlopen
user-requested libraries.

I think that the other issues in the original post may be CVE-worthy
despite their low impact -- they can, at best, cause sandbox
protection to be less effective than intended.

--Andy