Описание
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | policycoreutils | Will not fix | ||
| Red Hat Enterprise Linux 6 | libcap-ng | Will not fix | ||
| Red Hat Enterprise Linux 6 | policycoreutils | Will not fix | ||
| Red Hat Enterprise Linux 6 | selinux-policy | Will not fix | ||
| Red Hat Enterprise Linux 7 | policycoreutils | Not affected | ||
| Red Hat Enterprise Linux 7 | selinux-policy | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2015:0864 | 21.04.2015 |
| Red Hat Enterprise Linux 7 | libcap-ng | Fixed | RHBA-2015:2161 | 19.11.2015 |
Показывать по
Дополнительная информация
Статус:
6.9 Medium
CVSS2
Связанные уязвимости
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissi ...
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
6.9 Medium
CVSS2