oss-sec mailing list archives

Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness


From: Florian Weimer <fweimer () redhat com>
Date: Mon, 14 Dec 2015 16:03:42 +0100

On 12/14/2015 12:59 AM, halfdog wrote:

> Here they are. I have got feedback that at least Suse is not affected
> by that. As the affected configuration seems to be not so common and
> also the impact is not really high - usually no user-controllable
> services are run as user "man" - this should not be a great deal. It
> is just something to fix sometime, which should be possible now for
> more people as information is now publicly available.
>
> [1]
> http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
>
> [2]
> http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/

I think systemd-tmpfiles can also have this issue, depending on system
configuration.  It's been assigned CVE-2013-4392, and has not been fixed
anywhere, as far as I know.

Florian

