
List:       oss-security
Subject:    Re: [oss-security] CVE request: libgnomesu privilege escalation
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-05-31 19:53:51
Message-ID: 760428907.397872.1306871631176.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

----- Original Message -----
> Hi,
> 
> The /usr/lib/libgnomesu/gnomesu-pam-backend suid binary which belongs
> to the libgnomesu package is not checking setuid() return values.
> 
> As a result, two cooperating users, or users with access to guest,
> cgi or web accounts can run arbitrary commands as root very easily.
> The attacker just needs to 'su' to this account, where he knows the
> password, from inside the second account and take care that enough
> zombie processes exist at the target account.
> 
> A patch is attached in our bugzilla:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=695627
> 


Please use CVE-2011-1946.

Thanks.

-- 
    JB
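The report above hinges on a single omission: setuid() can fail (on Linux, with EAGAIN once the target user is at its RLIMIT_NPROC limit, which is what the zombie processes achieve), and a suid helper that ignores the return value simply carries on as root. The following is an added example, not code from libgnomesu or from the patch in the Novell bug; it shows the defensive pattern a privileged helper should use when switching to an unprivileged user. The function name drop_privileges and its parameters are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Vulnerable pattern (illustrative, not the libgnomesu code):
 *
 *     setuid(target_uid);        // return value never checked
 *     execv(cmd, argv);          // still runs as root if setuid() failed
 *
 * When the target account has hit its process limit, setuid() returns -1
 * with errno == EAGAIN and the process keeps uid 0. Anything executed
 * afterwards inherits root.
 */

/*
 * Hardened pattern: drop to target_uid/target_gid, checking every step,
 * then verify with the get*id() calls that the kernel really switched.
 * Returns 0 on success, -1 with errno set on failure. A caller must treat
 * -1 as fatal and exit before doing anything on behalf of the user.
 */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    /* Supplementary groups first: only possible while still root,
     * and impossible once the uid has been dropped. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* Group before user: setgid() needs the privilege setuid() removes. */
    if (setgid(target_gid) != 0)
        return -1;

    /* This is the call the report says was left unchecked. */
    if (setuid(target_uid) != 0)
        return -1;

    /* Confirm real, effective and saved ids all moved; if a bug or an
     * unusual kernel left any of them at root, refuse to continue. */
    if (getuid() != target_uid || geteuid() != target_uid ||
        getgid() != target_gid || getegid() != target_gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Demonstration: drop to our own ids, which always succeeds, so the
     * program runs as an unprivileged user as well as root. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The point for auditing suid helpers is the combination: check the return value of every id-changing call, order the calls so each one still has the privilege it needs, and verify the end state rather than trusting the sequence. Detection-wise, an EAGAIN from setuid() in a privileged helper's strace output, or a helper that reaches execve() with uid 0 after a failed setuid(), is exactly the condition the report describes.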