author Ben Hutchings <ben@decadent.org.uk> 2022-02-25 02:54:22 +0100
committer Ben Hutchings <ben@decadent.org.uk> 2022-02-25 02:58:48 +0100
commit 322eaf84fa0d24cdfa4acc99ff4a8d5635ab0654 (patch)
tree 84cf09416b8cf27d0c1ac938e5332bc049c04d28 /active/CVE-2021-3864
parent 4f1997da8949bfe55fdc4820e7def805bf3d4be8 (diff)
Fill in status for most issues
Diffstat (limited to 'active/CVE-2021-3864')
-rw-r--r-- active/CVE-2021-3864 28
1 files changed, 19 insertions, 9 deletions
diff --git a/active/CVE-2021-3864 b/active/CVE-2021-3864
index f8e672c78..761221024 100644
--- a/active/CVE-2021-3864
+++ b/active/CVE-2021-3864
@@ -1,4 +1,4 @@
-Description: descendant's dumpable setting with certain SUID binaries
+Description: setuid program that exec's can coredump in dir not writable by caller; priv-esc possible
References:
https://www.openwall.com/lists/oss-security/2021/10/20/2
https://bugzilla.redhat.com/show_bug.cgi?id=2015046
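Review bot: The new Description line drops the "dumpable setting" wording that the old line carried, so a search of the tracker for "dumpable" no longer finds this issue. Consider keeping the term alongside the new summary, for example "setuid program that execs can coredump in dir not writable by caller (descendant's dumpable setting); priv-esc possible". Also "exec's" reads as a possessive; "execs" is the verb form.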
@@ -6,12 +6,22 @@ References:
https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com
https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/
Notes:
+ bwh> The PoC exploits logrotate's lax parsing of configuration files
+ bwh> to inject commands via the coredump, but I think generally we
+ bwh> should assume that bypassing write-protection in any way can
+ bwh> lead to privilege escalation.
+ bwh> sudo is an important part of the PoC and should disable core-
+ bwh> dumps by default.
+ bwh> It's less clear what should be done in the kernel; possibly
+ bwh> some resource limits should be reset on exec of a setuid
+ bwh> program - see
+ bwh> https://lore.kernel.org/linux-api/87fso91n0v.fsf_-_@email.froward.int.ebiederm.org/
Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+5.10-upstream-stable: needed
+4.19-upstream-stable: needed
+4.9-upstream-stable: needed
+sid: needed
+5.10-bullseye-security: needed
+4.19-buster-security: needed
+4.9-stretch-security: needed
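Review bot: The added notes say sudo "should disable core-dumps by default", but the "Bugs:" field stays empty and every status line below tracks only kernel branches, so the sudo follow-up is recorded nowhere actionable. If a bug exists or is filed for sudo, reference it under "Bugs:"; otherwise say in the notes that none has been filed yet. Since the notes also state it is "less clear what should be done in the kernel", a short comment next to "upstream: needed" that no fix has been agreed would help readers interpret the eight "needed" entries. Minor: "core-" / "dumps" is split across two "bwh>" lines and will read as "core- dumps" when the note is rewrapped or searched; move the whole word to one line.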