List: oss-security
Subject: Re: [oss-security] CVE Request -- rpm -- Fails to remove the
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-06-03 18:42:52
Message-ID: 1769822633.1087291275590572969.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
> Jan Lieskovsky wrote:
> > Hi Steve, vendors,
> >
> > Matt McCutchen pointed out a deficiency in the way rpm handled rpm
> > package upgrades -- it failed to clear out the SUID/SGID bits of the
> > old file by file replacement when a privileged user performed a package
> > upgrade. Under certain circumstances, a local, authenticated user
> > could use this flaw to escalate their privileges.
>
> Maybe an obvious and natural conclusion from the previous post already, but Panu
> also clarified that a similar deficiency holds for dealing with POSIX file
> capabilities and SELinux contexts, i.e. they are not cleared after pkg
> upgrade. Not sure second CVE is needed for this, but if one is enough,
> wanted to explicitly mention this, so it can be described in the text of
> the CVE too.
>
I'm going to give both of these the same CVE id. The issues are very
related, and I had a look at the CWE guide, they both seem to fall under
"CWE-281: Improper Preservation of Permissions"
Steve, feel free to overrule me on this one.
CVE-2010-2059
Thanks.
--
JB
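
The replacement behaviour described in this thread, as an added example (not part of the original message and not rpm's code): a file replaced by rename keeps its SUID/SGID bits on the old inode unless they are cleared first. The file names, the helper functions and the use of an open descriptor to observe the old inode are assumptions made for the demonstration; POSIX capabilities and SELinux contexts are not covered.

```python
import os
import stat
import tempfile

PRIV_BITS = stat.S_ISUID | stat.S_ISGID


def drop_privileged_bits(path):
    """Clear SUID/SGID on the regular file currently at `path`."""
    # O_NOFOLLOW: fail rather than chmod through a symlink at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if stat.S_ISREG(st.st_mode) and st.st_mode & PRIV_BITS:
            os.fchmod(fd, stat.S_IMODE(st.st_mode) & ~PRIV_BITS)
    finally:
        os.close(fd)


def replace_file(new_path, old_path, harden):
    """Install new_path over old_path by rename, as a package upgrade would."""
    if harden and os.path.lexists(old_path) and not os.path.islink(old_path):
        drop_privileged_bits(old_path)
    os.replace(new_path, old_path)


def old_inode_bits_after_upgrade(harden):
    """Constructed demo: return the SUID/SGID bits left on the replaced inode."""
    with tempfile.TemporaryDirectory() as d:
        old_path = os.path.join(d, "tool")       # constructed file names
        new_path = os.path.join(d, "tool.new")
        for p in (old_path, new_path):
            with open(p, "wb") as f:
                f.write(b"placeholder\n")
        os.chmod(old_path, 0o4755)               # old version shipped setuid
        os.chmod(new_path, 0o0755)               # new version does not
        # The open descriptor stands in for any surviving reference to the
        # old inode; rename() only changes which inode the name points to.
        watch = os.open(old_path, os.O_RDONLY)
        try:
            replace_file(new_path, old_path, harden)
            return os.fstat(watch).st_mode & PRIV_BITS
        finally:
            os.close(watch)


if __name__ == "__main__":
    print("naive:   ", oct(old_inode_bits_after_upgrade(False)))
    print("hardened:", oct(old_inode_bits_after_upgrade(True)))
```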