https://bugzilla.redhat.com/show_bug.cgi?id=1108612
Bug ID: 1108612
Summary: CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: dueno(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org

It was discovered that libfep uses UNIX domain sockets in the abstract
namespace in an insecure way. As a result, unprivileged local users
were able to inject commands into running fep sessions of other users.

The upstream fix simply removes abstract namespace support, using a
restricted directory to host the UNIX domain socket instead:
https://github.com/ueno/libfep/commit/293d9d3f

Abstract namespace support was introduced in this commit:
https://github.com/ueno/libfep/commit/5a170323

This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable,
and 0.1.0 has the fix.

External references:
http://www.openwall.com/lists/oss-security/2014/06/05/16
http://www.securityfocus.com/bid/67903