Bug 990200 (CVE-2016-5759) - VUL-0: CVE-2016-5759: kdump: mkdumprd calls script in current working directory
Status: RESOLVED FIXED
Alias: CVE-2016-5759
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: x86-64 SLES 12
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Petr Tesařík
QA Contact: Security Team bot
Whiteboard: CVSSv2:SUSE:CVE-2016-5759:6.9:(AV:L/A...
Reported: 2016-07-22 08:47 UTC by Markus Meisters
Modified: 2019-03-20 18:25 UTC
Comment 1 Swamp Workflow Management 2016-07-22 22:01:09 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-07-25 11:49:23 UTC
The initrd variant uses the full path:

https://github.com/ptesarik/kdump/blob/master/init/mkdumprd#L109
> eval "bash -$- /sbin/mkinitrd $MKINITRD_ARGS"

The dracut variant does not:

https://github.com/ptesarik/kdump/blob/master/init/mkdumprd#L141
> eval "bash -$- dracut $DRACUT_ARGS"

Regenerating kdump initrd ...
+ eval 'bash -hxB dracut --force --hostonly --omit '\''plymouth resume usrmount'\'' --compress='\''xz -0 --check=crc32'\'' --mount '\''/dev/system/root /kdump/mnt0 ext4 acl,user_xattr'\'' --add '\''kdump'\'' /boot/initrd-4.1.27-27-default-kdump 4.1.27-27-default'
++ bash -hxB dracut --force --hostonly --omit 'plymouth resume usrmount' '--compress=xz -0 --check=crc32' --mount '/dev/system/root /kdump/mnt0 ext4 acl,user_xattr' --add kdump /boot/initrd-4.1.27-27-default-kdump 4.1.27-27-default

Petr, can you confirm this?


As this issue is private and SUSE code, I am assigning CVE-2016-5759 from the SUSE pool.
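
The difference between the two invocations quoted in comment 2, as an added example (not code from kdump or from anyone in this bug): given a bare script name, bash tries the current directory before it searches PATH. `faketool` and the temporary directories are constructed stand-ins for dracut and the system paths.

```shell
#!/bin/bash
# Constructed demo of how "bash NAME" locates NAME. "faketool" and every
# directory below are stand-ins invented for this example.

setup_demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/sbin" "$demo_root/workdir" "$demo_root/empty"
    # Stand-in for the intended system script, installed in a trusted dir.
    printf 'echo system\n' > "$demo_root/sbin/faketool"
    chmod 755 "$demo_root/sbin/faketool"
    # Same-named file in the directory the caller happens to be standing in.
    printf 'echo cwd\n' > "$demo_root/workdir/faketool"
}

# Bare name as bash's script operand, as in the dracut line: bash opens the
# file relative to the current directory first, so the cwd copy runs.
run_bare_name() {
    ( cd "$demo_root/workdir" && PATH="$demo_root/sbin:$PATH" bash faketool )
}

# Same call from a directory without such a file: bash falls back to a PATH
# search, which is why the bare name works in everyday use.
run_bare_name_clean_dir() {
    ( cd "$demo_root/empty" && PATH="$demo_root/sbin:$PATH" bash faketool )
}

# Full path, as in the mkinitrd line: the current directory plays no part.
run_full_path() {
    ( cd "$demo_root/workdir" && bash "$demo_root/sbin/faketool" )
}

setup_demo
echo "bare name, file in cwd:    $(run_bare_name)"            # cwd
echo "bare name, clean cwd:      $(run_bare_name_clean_dir)"  # system
echo "full path, file in cwd:    $(run_full_path)"            # system
rm -rf "$demo_root"
```
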
Comment 3 Andreas Stieger 2016-07-26 14:23:21 UTC
Affects SLE 12 and up.
Comment 4 Andreas Stieger 2016-09-01 14:51:44 UTC
Requesting update.
Comment 5 Petr Tesařík 2016-09-06 14:17:21 UTC
There's a pending maintenance update (https://smash.suse.de/update/122568/) for SLE12 SP1 with submission ETA on Sep 8. Should I also submit to SLE12 (no SP)?
Comment 6 Marcus Meissner 2016-09-06 14:50:21 UTC
I would currently not do an LTSS update for this problem; it does not fall under the LTSS criteria.

So just SLES12 SP1.
Comment 8 Petr Tesařík 2016-09-23 13:51:14 UTC
Submitted to SLE12 SP1 and SP2.
Comment 9 Swamp Workflow Management 2016-10-17 17:12:16 UTC
SUSE-SU-2016:2553-1: An update that solves one vulnerability and has 13 fixes is now available.

Category: security (moderate)
Bug References: 927451,932339,943214,951844,964206,970708,973213,974270,976864,980328,984799,987862,989972,990200
CVE References: CVE-2016-5759
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    kdump-0.8.15-29.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kdump-0.8.15-29.1
Comment 10 Swamp Workflow Management 2016-10-24 12:13:05 UTC
openSUSE-SU-2016:2605-1: An update that solves one vulnerability and has 13 fixes is now available.

Category: security (moderate)
Bug References: 927451,932339,943214,951844,964206,970708,973213,974270,976864,980328,984799,987862,989972,990200
CVE References: CVE-2016-5759
Sources used:
openSUSE Leap 42.1 (src):    kdump-0.8.15-27.1