
List:       oss-security
Subject:    Re: [oss-security] CVE Request -- rpm -- Fails to remove the
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-03 18:42:52
Message-ID: 1769822633.1087291275590572969.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> 
> Jan Lieskovsky wrote:
> > Hi Steve, vendors,
> > 
> >    Matt McCutchen pointed out a deficiency in the way rpm handled rpm
> >    package upgrades -- it failed to clear out the SUID/SGID bits of the
> >    old file by file replacement when a privileged user performed a package
> >    upgrade. Under certain circumstances, a local, authenticated user
> >    could use this flaw to escalate their privileges.
> 
> Maybe an obvious and natural conclusion from the previous post already, but Panu
> clarified yet, a similar deficiency holds for dealing with POSIX file
> capabilities and SELinux contexts, i.e. they are not cleared after a pkg
> upgrade. Not sure a second CVE is needed for this, but if one is enough,
> wanted to explicitly mention this, so it can be described in the text of
> the CVE too.
> 

I'm going to give both of these the same CVE id. The issues are very
related, and I had a look at the CWE guide, they both seem to fall under
"CWE-281: Improper Preservation of Permissions"

Steve, feel free to overrule me on this one.

CVE-2010-2059

Thanks.

-- 
    JB