[Fedora-i18n-bugs] [Bug 1108612] New: CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
Bug ID: 1108612 Summary: CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: vkaigoro@redhat.com CC: dueno@redhat.com, i18n-bugs@lists.fedoraproject.org
It was discovered that libfep uses UNIX domain sockets in the abstract namespace in an insecure way. As a result, unprivileged local users were able to inject commands into running fep sessions of other users.
The upstream fix simply removes abstract namespace support, using a restricted directory to host the UNIX domain socket instead:
https://github.com/ueno/libfep/commit/293d9d3f
Abstract namespace support was introduced in this commit:
https://github.com/ueno/libfep/commit/5a170323
This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable, and 0.1.0 has the fix.
External references:
http://www.openwall.com/lists/oss-security/2014/06/05/16 http://www.securityfocus.com/bid/67903
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
Vasyl Kaigorodov vkaigoro@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1108616
--- Comment #1 from Vasyl Kaigorodov vkaigoro@redhat.com ---
Created libfep tracking bugs for this issue:
Affects: fedora-all [bug 1108616]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1108616 [Bug 1108616] CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1108612 Bug 1108612 depends on bug 1108616, which changed state.
Bug 1108616 Summary: CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1108616
What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
--- Comment #2 from Fedora Update System updates@fedoraproject.org --- libfep-0.1.0-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
--- Comment #3 from Fedora Update System updates@fedoraproject.org --- libfep-0.1.0-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
Martin Prpic mprpic@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|0.1.0 |libfep 0.1.0
https://bugzilla.redhat.com/show_bug.cgi?id=1108612
Ján Rusnačko jrusnack@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2014 |impact=moderate,public=2014 |0605,reported=20140612,sour |0605,reported=20140612,sour |ce=cvecan,cvss2=3.2/AV:L/AC |ce=cve,cvss2=3.2/AV:L/AC:L/ |:L/Au:S/C:P/I:P/A:N,fedora- |Au:S/C:P/I:P/A:N,fedora-all |all/libfep=affected |/libfep=affected
i18n-bugs@lists.fedoraproject.org
-
Red Hat Bugzilla