Main Vulnerability Database SB2014122602

SB2014122602 - Gentoo update for policycoreutils

Published: December 26, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014122602

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-3215)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/
https://security.gentoo.org/glsa/201412-44