https://bugzilla.redhat.com/show_bug.cgi?id=1108612 Bug ID: 1108612 Summary: CVE-2014-3980 libfep: local privilege escalation via UNIX domain sockets in the abstract namespace Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: dueno(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org It was discovered that libfep uses UNIX domain sockets in the abstract namespace in an insecure way. As a result, unprivileged local users were able to inject commands into running fep sessions of other users. The upstream fix simply removes abstract namespace support, using a restricted directory to host the UNIX domain socket instead: https://github.com/ueno/libfep/commit/293d9d3f Abstract namespace support was introduced in this commit: https://github.com/ueno/libfep/commit/5a170323 This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable, and 0.1.0 has the fix. External references: http://www.openwall.com/lists/oss-security/2014/06/05/16 http://www.securityfocus.com/bid/67903 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ZaCbDdpjD1&a=cc_unsubscribe