Bug 232096
Summary: | CVE-2004-0813 SG_IO unsafe user command execution | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Josh Bressers <bressers> | ||||
Component: | cdrtools | Assignee: | Harald Hoyer <harald> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 3.0 | CC: | tmraz | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | public=20040730,impact=moderate,source=redhat | ||||||
Fixed In Version: | RHSA-2007-0465 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-06-11 17:51:45 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 133098 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Josh Bressers
2007-03-13 21:06:55 UTC
If we set cdrecord to be setuid root, we will need to add the patch for CVE-2004-0806, which could allow a local user to gain root privileges. We will also need to add a fix for bug 152462 (CVE-2005-0866). There is a patch in the bug. Neither of these are currently vulnerabilities, but would be if we set cdrecord to setuid root. Created attachment 150154 [details] Patch for CVE-2004-0806 See the original bug 133098 for patch adding PAM support to cdrecord + PAM config. Cdrecord with the patch mentioned above can be made setuid root and only people logged in on console will have access to it. (Note that using consolehelper doesn't help us as it sets both euid and uid to 0.) harald, can you roll new packages with all the patches mentioned and just note te n-v-r here. It's likely we'll include these packges with the pam errata given they depend on each other. scsi-remote will not work with the pam patch anyway, if I think of it. So we may note that this functionality is gone. And we could remove the code also. I think as long as we note this loss of functionality in the errata, removing it is the right thing. what about: isoinfo isodump isovfy isodebug cdrdao devdump readcd skel Patch with pam and make them suid also? I suspect we would only need to modify these tools if they need to write to the device no? Can they not read from the cd device, rather than the sg device? An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0465.html |