Bug 876832 (CVE-2014-3215) - VUL-1: CVE-2014-3215: libcap-ng: Local privilege escalation via seunshare
Summary: VUL-1: CVE-2014-3215: libcap-ng: Local privilege escalation via seunshare
Status: RESOLVED FIXED
Alias: CVE-2014-3215
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.2
Priority: P4 - Low, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/98636/
Whiteboard: ibs:running:4161:low
Reported: 2014-05-08 08:15 UTC by Johannes Segitz
Modified: 2017-05-22 22:34 UTC

Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Patch for CVE-2014-3215 (3.23 KB, patch)
2014-05-08 08:16 UTC, Johannes Segitz

Description Johannes Segitz 2014-05-08 08:15:11 UTC
From Andy Lutomirski on OSS

capng_lock sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs as uid 0 but without capabilities, which is potentially dangerous.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215
http://seclists.org/oss-sec/2014/q2/272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3215
http://openwall.com/lists/oss-security/2014/04/30/4
Comment 1 Johannes Segitz 2014-05-08 08:16:34 UTC
Created attachment 589125
Patch for CVE-2014-3215

Taken from https://bugzilla.redhat.com/attachment.cgi?id=829864
Comment 2 SMASH SMASH 2014-05-08 08:20:10 UTC
Affected packages:

SLE-11-SP3: policycoreutils
SLE-9-SP3-TERADATA: policycoreutils
SLE-11-SP1: policycoreutils
Comment 3 Swamp Workflow Management 2014-05-08 22:00:12 UTC
bugbot adjusting priority
Comment 4 Vítězslav Čížek 2014-05-20 14:40:56 UTC
The vulnerable package is libcap-ng (The attached patch fixes libcap-ng)

In addition, we don't ship seunshare as setuid:
%files sandbox
%defattr(-,root,root,-)
%attr(0755,root,root) %{_sbindir}/seunshare

Reassigning to libcap-ng maintainer.
Comment 5 Vítězslav Čížek 2014-05-20 15:32:45 UTC
All packages submitted.
Back to security-team.
Comment 6 Bernhard Wiedemann 2014-05-20 16:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (876832) was mentioned in
https://build.opensuse.org/request/show/234873 13.1+12.3 / libcap-ng+libcap-ng-python
Comment 9 Swamp Workflow Management 2014-05-30 15:04:53 UTC
openSUSE-SU-2014:0736-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 876832
CVE References: CVE-2014-3215
Sources used:
openSUSE 13.1 (src):    libcap-ng-0.7.3-2.4.1, libcap-ng-python-0.7.3-2.4.1
openSUSE 12.3 (src):    libcap-ng-0.6.6-11.4.1, libcap-ng-python-0.6.6-11.4.1
Comment 10 Swamp Workflow Management 2014-06-03 20:04:20 UTC
openSUSE-SU-2014:0749-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 876832
CVE References: CVE-2014-3215
Sources used:
openSUSE 11.4 (src):    libcap-ng-0.6.5-6.1, libcap-ng-python-0.6.5-6.1
Comment 11 Johannes Segitz 2015-03-11 12:58:05 UTC
not maintained for SLE, openSUSE is fixed
Comment 13 Swamp Workflow Management 2017-02-03 11:08:43 UTC
SUSE-SU-2017:0375-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 876832
CVE References: CVE-2014-3215
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libcap-ng-0.6.3-1.9.6
SUSE Linux Enterprise Server 11-SP4 (src):    libcap-ng-0.6.3-1.9.6
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libcap-ng-0.6.3-1.9.6