Bug 1214030 (CVE-2015-3339)
| Summary: | CVE-2015-3339 kernel: race condition between chown() and execve() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | agordeev, aquini, arm-mgr, bhu, blc, dhoward, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mdshaikh, mguzik, mlangsdo, nmurray, plougher, rt-maint, rvrbovsk, slawomir, williams, wmealing |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-10 05:52:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1216267, 1216268, 1216269, 1216270, 1216307, 1216308, 1217698, 1218641, 1218643 | ||
| Bug Blocks: | 1214031 | ||
|
Description
Martin Prpič
2015-04-21 19:10:44 UTC
I went ahead and backported this to Fedora. All branches are fixed in git. Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 7 and MRG-2. This issue is not currently planned to be addressed in future Red Hat Enterprise Linux 5 kernel updates. Future Linux kernel updates for other releases may address this issue. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. kernel-4.0.1-300.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. kernel-3.19.7-200.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. kernel-3.19.8-100.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1272 https://rhn.redhat.com/errata/RHSA-2015-1272.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2411 https://rhn.redhat.com/errata/RHSA-2015-2411.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2152 https://rhn.redhat.com/errata/RHSA-2015-2152.html |