Bugzilla – Bug 822832
VUL-0: kernel: CVE-2013-1959: /proc/<pid>/uid_map has multiple incorrect privilege checks
Last modified: 2015-03-05 10:15:36 UTC
Public: Date: Sun, 28 Apr 2013 19:23:46 -0700 From: Andy Lutomirski <luto@...capital.net> To: linux-kernel@...r.kernel.org, oss-security@...ts.openwall.com Subject: Multiple Linux setuid output redirection vulnerabilities Some of the recent -stable patches are (surprise!) security fixes. These were disclosed on the distros list last week. CVE-2013-1959: /proc/<pid>/uid_map has multiple incorrect privilege checks Linux 3.8 and various 3.9 rcs are affected, depending on configuration. This gives a root shell. (Actually, it gives a uid 0 shell with no capabilities, but that's easy to escalate to full root.) Fixed by: commit 935d8aabd4331f47a89c3e1daa5779d23cf244ee Author: Linus Torvalds <torvalds@...ux-foundation.org> Date: Sun Apr 14 10:06:31 2013 -0700 Add file_ns_capable() helper function for open-time capability checking commit 6708075f104c3c9b04b23336bb0366ca30c3931b Author: Eric W. Biederman <ebiederm@...ssion.com> Date: Sun Apr 14 13:47:02 2013 -0700 userns: Don't let unprivileged users trick privileged users into setting the id_map commit e3211c120a85b792978bcb4be7b2886df18d27f0 Author: Andy Lutomirski <luto@...capital.net> Date: Sun Apr 14 16:28:19 2013 -0700 userns: Check uid_map's opener's fsuid, not the current fsuid All three patches are needed.
Non openSUSE or SLE kernels are affected. Closing as invalid.