Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 7 May 2014 23:29:13 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: local privilege escalation due to capng_lock as used in seunshare

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We think there should be a CVE ID for the combination of these two
observations:

1. seunshare is intended to be setuid root (see the
http://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile
file)

2. dropping privileges no longer makes the traditional change to the
saved set-user-ID, as shown by the getresuid example in the
http://openwall.com/lists/oss-security/2014/04/30/4 post

Use CVE-2014-3215.

This message obviously isn't intended to contribute to the technical
discussion of how the design of seunshare and other software led to
this state. Also, nobody has sent MITRE's cve-assign team a PoC in
which running seunshare contributes to a privilege escalation.
CVE-2014-3215 might be considered an "exposure." Essentially, running
seunshare is a way to bypass a potentially important protection
mechanism, and that wasn't a documented effect of installing
seunshare.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk
XmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM
TMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5
wT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h
ZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ
K2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU=
=P4Px
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ