Date: Wed, 7 May 2014 23:29:13 -0400 (EDT) From: cve-assign@...re.org To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: local privilege escalation due to capng_lock as used in seunshare -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We think there should be a CVE ID for the combination of these two observations: 1. seunshare is intended to be setuid root (see the http://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile file) 2. dropping privileges no longer makes the traditional change to the saved set-user-ID, as shown by the getresuid example in the http://openwall.com/lists/oss-security/2014/04/30/4 post Use CVE-2014-3215. This message obviously isn't intended to contribute to the technical discussion of how the design of seunshare and other software led to this state. Also, nobody has sent MITRE's cve-assign team a PoC in which running seunshare contributes to a privilege escalation. CVE-2014-3215 might be considered an "exposure." Essentially, running seunshare is a way to bypass a potentially important protection mechanism, and that wasn't a documented effect of installing seunshare. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk XmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM TMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5 wT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h ZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ K2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU= =P4Px -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ