Bug 836949 (CVE-2013-4270) - VUL-1: CVE-2013-4270: kernel: open O_WRONLY succeeds on some root owned files in /proc for process running with unprivileged EUID
Status: RESOLVED FIXED
Alias: CVE-2013-4270
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2013-08-27 09:09 UTC by Matthias Weckbecker
Modified: 2016-04-27 20:15 UTC
Comment 1 Swamp Workflow Management 2013-08-27 22:00:30 UTC
bugbot adjusting priority
Comment 2 Alexander Bergmann 2013-08-29 08:37:56 UTC
CVE-2013-4270 was assigned to this issue.
Comment 3 Marcus Meissner 2013-11-27 21:38:05 UTC
mainline commit 2433c8f094a008895e66f25bd1773cdb01c91d01
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Sat Oct 5 13:15:30 2013 -0700

    net: Update the sysctl permissions handler to test effective uid/gid
    
    Modify the code to use current_euid(), and in_egroup_p, as is done
    in fs/proc/proc_sysctl.c:test_perm()
    
    Cc: stable@vger.kernel.org
    Reviewed-by: Eric Sandeen <sandeen@redhat.com>
    Reported-by: Eric Sandeen <sandeen@redhat.com>
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
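
The difference between checking real and effective ids, shown as an added userspace model that is not part of the bug comments or the kernel source. The struct, function names and sample credentials are constructed for illustration, and the pre-fix behaviour (comparing real uid/gid) is an assumption inferred from the bug title and the commit message.

```c
#include <stdio.h>

/* Constructed stand-in for a task's credentials (not a kernel struct). */
struct cred_model { unsigned uid, gid, euid, egid; };

#define MAY_WRITE 2u

/* Choose which rwx triplet of `mode` applies to the caller and copy it into
 * all three positions. effective=0 is the assumed pre-fix check (real
 * uid/gid); effective=1 is the check the commit message describes (euid and
 * effective group; supplementary groups are left out of this model). */
static unsigned ctl_permissions(const struct cred_model *c, unsigned mode,
                                int effective)
{
    unsigned u = effective ? c->euid : c->uid;
    unsigned g = effective ? c->egid : c->gid;
    unsigned bits;

    if (u == 0)
        bits = (mode >> 6) & 7;   /* caller treated as root owner */
    else if (g == 0)
        bits = (mode >> 3) & 7;   /* caller treated as root group */
    else
        return mode;              /* neither: mode is used unchanged */
    return (bits << 6) | (bits << 3) | bits;
}

/* After remapping, the "other" write bit decides an O_WRONLY open. */
static int may_open_wronly(const struct cred_model *c, unsigned mode,
                           int effective)
{
    return (ctl_permissions(c, mode, effective) & MAY_WRITE) != 0;
}

int main(void)
{
    /* Constructed case: real ids are root, effective ids dropped to 1000. */
    struct cred_model dropped = { 0, 0, 1000, 1000 };
    unsigned mode = 0644;         /* root-owned, owner-writable only */

    printf("real uid/gid check:      O_WRONLY %s\n",
           may_open_wronly(&dropped, mode, 0) ? "allowed" : "denied");
    printf("effective uid/gid check: O_WRONLY %s\n",
           may_open_wronly(&dropped, mode, 1) ? "allowed" : "denied");
    return 0;
}
```
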
Comment 5 Takashi Iwai 2014-03-24 15:25:34 UTC
SLE11, openSUSE 12.3 and earlier -> doesn't affect

openSUSE 13.1 -> 3.11.5 stable kernel already contains the backport

SLE12 and later -> 3.12 contains the original fix commit

So, we can close this bug.  To be sure, I take this back to security-team.
Comment 6 Alexander Bergmann 2014-04-28 15:43:55 UTC
This is fixed. Closing bug.