author | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 02:54:22 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2022-02-25 02:58:48 +0100 |
commit | 322eaf84fa0d24cdfa4acc99ff4a8d5635ab0654 (patch) | |
tree | 84cf09416b8cf27d0c1ac938e5332bc049c04d28 /active/CVE-2021-3864 | |
parent | 4f1997da8949bfe55fdc4820e7def805bf3d4be8 (diff) |
Fill in status for most issues
Diffstat (limited to 'active/CVE-2021-3864')
-rw-r--r-- | active/CVE-2021-3864 | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/active/CVE-2021-3864 b/active/CVE-2021-3864 index f8e672c78..761221024 100644 --- a/active/CVE-2021-3864 +++ b/active/CVE-2021-3864 @@ -1,4 +1,4 @@ -Description: descendant's dumpable setting with certain SUID binaries +Description: setuid program that exec's can coredump in dir not writable by caller; priv-esc possible References: https://www.openwall.com/lists/oss-security/2021/10/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=2015046 @@ -6,12 +6,22 @@ References: https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/ Notes: + bwh> The PoC exploits logrotate's lax parsing of configuration files + bwh> to inject commands via the coredump, but I think generally we + bwh> should assume that bypassing write-protection in any way can + bwh> lead to privilege escalation. + bwh> sudo is an important part of the PoC and should disable core- + bwh> dumps by default. + bwh> It's less clear what should be done in the kernel; possibly + bwh> some resource limits should be reset on exec of a setuid + bwh> program - see + bwh> https://lore.kernel.org/linux-api/87fso91n0v.fsf_-_@email.froward.int.ebiederm.org/ Bugs: -upstream: -5.10-upstream-stable: -4.19-upstream-stable: -4.9-upstream-stable: -sid: -5.10-bullseye-security: -4.19-buster-security: -4.9-stretch-security: +upstream: needed +5.10-upstream-stable: needed +4.19-upstream-stable: needed +4.9-upstream-stable: needed +sid: needed +5.10-bullseye-security: needed +4.19-buster-security: needed +4.9-stretch-security: needed |
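Review bot: The reworded Description line in the first hunk (@@ -1,4 +1,4 @@) no longer contains the term "dumpable", which the old text ("descendant's dumpable setting with certain SUID binaries") used to name the mechanism. Someone grepping the tracker for that setting will now miss this entry. Consider keeping the word in the Description or repeating it in the Notes. "exec's" also reads as a possessive; "calls exec" or "execs another program" would be clearer.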
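Review bot: The status lines in the second hunk (@@ -6,12 +6,22 @@) are all set to a bare "needed", from "upstream: needed" through "4.9-stretch-security: needed". The Notes added just above them say "It's less clear what should be done in the kernel", and the entry points to no upstream fix. A reader cannot tell whether "needed" means a known patch is waiting to be backported or that a kernel-side change has not been agreed yet, so a short note line stating which would help. The same Notes say sudo "should disable core- dumps by default", yet "Bugs:" stays empty. If that is tracked against sudo, a reference belongs there. Finally, "core-" / "dumps" is hyphenated across two bwh> lines, so a search for "coredumps" will not match this entry; rewrap it so the word stays whole.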