Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30741
HistoryMay 15, 2014 - 12:00 a.m.

[oss-security] Re: local privilege escalation due to capng_lock as used in seunshare

2014-05-1500:00:00
vulners.com
13
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We think there should be a CVE ID for the combination of these two
observations:

  1. seunshare is intended to be setuid root (see the
    http://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile
    file)

  2. dropping privileges no longer makes the traditional change to the
    saved set-user-ID, as shown by the getresuid example in the
    http://openwall.com/lists/oss-security/2014/04/30/4 post

Use CVE-2014-3215.

This message obviously isn't intended to contribute to the technical
discussion of how the design of seunshare and other software led to
this state. Also, nobody has sent MITRE's cve-assign team a PoC in
which running seunshare contributes to a privilege escalation.
CVE-2014-3215 might be considered an "exposure." Essentially, running
seunshare is a way to bypass a potentially important protection
mechanism, and that wasn't a documented effect of installing
seunshare.

CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTaviCAAoJEKllVAevmvmsfkQH/21wa2jxXCFiCe8YorCTcQuk
XmoAgLF4bBNpP8ws8gtdHBWt5mQdo51+pZ9xAWc0og2+cqPCQZTnndookDKkbMSM
TMeI23USLjEqMLnBYBAy5WDwyFcCToBBiCDXpO6KGdLBwJ6A9EudJkUcU2R63jD5
wT84zak6hiGYJGnRxTlKxboMzVIFXlnWmYxm+cA7B9iGBV8bAZU/xOi9z0C2a13h
ZZYitwxwMvtpcQJZtf6iSxix4lH1RIeJmbFY5X8CTgQzpVEjCaW3GH/vpTX5ZpcJ
K2pxzuVIUhbxVapPmy4mYnhus78WVwOveydO7jdEk9yh9wnUZUte4ihizxJsxZU=
=P4Px
-----END PGP SIGNATURE-----

Related

nessus 23
f5 2
amazon 2
securityvulns 1
openvas 9
gentoo 1
debiancve 1
mageia 1
cve 1
prion 1
rosalinux 1
ubuntucve 1
oraclelinux 6
centos 1
redhat 1
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2015-544)
2015-06-18 00:00:00
openSUSE Security Update : libcap-ng (openSUSE-SU-2014:0736-1)
2014-06-13 00:00:00
GLSA-201412-44 : policycoreutils: Privilege escalation
2014-12-29 00:00:00
f5
f5
K16596 : Privilege escalation vulnerability CVE-2014-3215
2015-05-11 00:00:00
SOL16596 - Privilege escalation vulnerability CVE-2014-3215
2015-05-11 00:00:00
amazon
amazon
Medium: libcap-ng
2015-06-16 10:27:00
Medium: kernel
2015-06-16 10:28:00
securityvulns
securityvulns
seunshare privileges escalation
2014-05-15 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-543)
2015-09-08 00:00:00
Gentoo Security Advisory GLSA 201412-44
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-544)
2015-09-08 00:00:00
gentoo
gentoo
policycoreutils: Privilege escalation
2014-12-26 00:00:00
debiancve
debiancve
CVE-2014-3215
2014-05-08 10:55:00
mageia
mageia
Updated libcap-ng packages fix CVE-2014-3215
2014-06-06 09:49:51
cve
cve
CVE-2014-3215
2014-05-08 10:55:00
prion
prion
Code injection
2014-05-08 10:55:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1952
2021-07-02 17:58:55
ubuntucve
ubuntucve
CVE-2014-3215
2014-05-08 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2015-04-23 00:00:00
Unbreakable Enterprise kernel security update
2015-04-23 00:00:00
Unbreakable Enterprise kernel security update
2015-04-23 00:00:00
centos
centos
kernel, perf, python security update
2015-04-22 09:51:52
redhat
redhat
(RHSA-2015:0864) Important: kernel security and bug fix update
2015-04-21 00:00:00
JSON
Related for SECURITYVULNS:DOC:30741
nessus23f52amazon2securityvulns1openvas9gentoo1debiancve1mageia1cve1prion1rosalinux1ubuntucve1oraclelinux6centos1redhat1