Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151214193113.546CDABC018@smtpvmsrv1.mitre.org>
Date: Mon, 14 Dec 2015 14:31:13 -0500 (EST)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: User man Local Root Exploit/Linux Kernel setgid Directory Privilege Escalation/PAM Owner Check Weakness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
> http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/

The MITRE CVE team doesn't exactly know what we can do with these
references. The first one mentions a CVE ID from Ubuntu,
CVE-2015-1336, but
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html
doesn't yet exist. Possibly the CVE ID is supposed to be for use of
"chown man" in /etc/cron.daily/man-db within both Ubuntu and Debian
distributions.

The second one doesn't mention any CVE ID. Would it be useful for
MITRE to assign a CVE ID for the permissions/ownerships error of:

  drwxr-sr-x 25 man root 4096 May 15 00:40 /var/cache/man

? Our understanding is that this is, more or less, currently
unsupported by the Linux kernel. In other words, it is not valid to
choose that specific set of permissions/ownerships if one is concerned
about an attack by someone with the uid of the man account. This issue
affects both Ubuntu and Debian distributions.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWbxiyAAoJEL54rhJi8gl552wP/3D/YIy6rhxrmiWHUXu0gxAA
Xq8HHyVOTT1o1ZWmY/BkKWfGXMjD0CcE46ie0e2nqaT2DBtcr94n3djJ7TeAcrjf
D8lS7TTqMzO5IjR0kAWxxj9UzwUeKDjQk7//u4RGm1+5zm6wx3V9ES5Ey3I7eBu9
+Xb92pIl00PFaJ0xR8mYXiwBYtEDXgeY3F7AXeVWU+yGlfgJ+vZYJvb8wCm/daYE
6Flg2+6ij2UUjx5UJd1SG6k1j7vfzWHYf0nqJvZwyTUN/ljBV3Nq4Q2er/4DYsaQ
g+hEC3g3hFVqfeJKyi1fBFmk784bCR3hrBXPiwEB+61bFTIpXSX55sZiaqlKxFad
LcJqOUDkqUlhR0+KUIXYgVEKHPrmJtfJZAbZdZYpNuduSnVsS7T+A5ub3Brz1CZs
zaIwemEIgKV5o9YRSF51ZBWj2yecUdkpQ53388b0NyHCx+g9G1w4CpLxnKtVZJOm
YYp1kn3HgqXJ1l2L5HrDlrNW0KN6P6YrxgG6lr0gUwVd96ER8823m95kteiEik2p
J+SWLnphlWvSjVUU3Bwlg/iHzOOY2HOPycEb/SJhqg6FTGzs55QPkrSQnU4hdOgF
EojG2z3HzXcB6edefm/O/WWhosQ+NJhxdaO4/rnTxtfV2sokt/6988eiK8to7kdk
gGnY6T6rbsl7x+DBnpHr
=lZEJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.