oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness

From: halfdog <me () halfdog net>
Date: Sun, 13 Dec 2015 23:59:52 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

halfdog wrote:

Hello List,

Those three interlinked issues did not find complete 
discussion/solution in the past 3 month after reporting to Linux 
distributor, but there is silent approval for disclosure (for 
2015-11-30).

Send me a note, if someone else wants to take a look before that, 
otherwise I would post the links 2015-12-14.


Here they are. I have got feedback, that at least Suse is not affected
by that. As the affected configuration seems to not so common and also
impact is not really high - usually no user-controllable services are
run as user "man" - this should not be a great deal. It is just
something to fix sometime, which should be possible now for more
people as information now publicly available.

[1]
http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/

[2]
http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/

hd

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlZuBnAACgkQxFmThv7tq+7WkQCfV1pdQBOseacrAXeIAsQ/YriJ
LgUAnAyAt3uoTchM8dB6H1s7NKXjMceL
=hP2B
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: