Bug 1418204 (CVE-2017-5899)
Summary: | CVE-2017-5899 s-nail: privsep helper local privilege escalation | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | anemec, dmitry, jchaloup, nforro, sardella |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-01 16:44:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1418205 |
Description
Andrej Nemec
2017-02-01 09:35:58 UTC
Fedora still uses the old mailx-12.5 (from Heirloom project).

It looks like the vulnerability had appeared in the new, forked code only (from git.sdaoden.eu), since there are not any "privsep.c" files in the 12.5 version.

(In reply to Dmitry Butskoy from comment #1)
> Fedora still uses the old mailx-12.5 (from Heirloom project).
>
> It looks like the vulnerability had appeared in the new, forked code only (from
> git.sdaoden.eu), since there are not any "privsep.c" files in the 12.5
> version.

This indeed seems to be the case. Thanks for the input! I have changed fedora to notaffected.

BTW RHEL6/RHEL7 seem not affected too...

As noted above, this is an s-nail issue, not affecting mailx.

CVE assignment: http://seclists.org/oss-sec/2017/q1/329