Bug 730783 (CVE-2011-2910)

Summary: CVE-2011-2910 ax25-tools: possible privilege escalation due to failure to check for s*id return values
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ralf, randyn3lrx, sindrepb
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:57:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 730784    
Bug Blocks:    

Description Vincent Danen 2011-08-15 18:51:17 UTC 
Dan Rosenberg reported [1] that ax25d does not check the return value of a setuid call responsible for dropping privileges.  If the setuid call failed, the daemon would continue to run with root privileges.

This has not yet been corrected upstream [2].

[1] http://www.openwall.com/lists/oss-security/2011/08/10/3
[2] http://www.linux-ax25.org/cvsweb/ax25-tools/ax25/ax25d.c
Comment 1 Vincent Danen 2011-08-15 18:52:21 UTC 
Created ax25-tools tracking bugs for this issue

Affects: fedora-all [bug 730784]
Comment 2 Ralf Baechle 2011-08-18 13:11:05 UTC 
A few hours ago Thomas Osterried has checked in a fix for CVE-2011-2910 into linux-ax25.org's CVS archive, see https://www.linux-ax25.org/wiki/CVS for CVS instructions and how to build.  No new release tarballs have been created yet (or in the past few eons ...) and due to various other fixes a CVS checkout is currently urgently recommended over the released tarballs.
Comment 3 Product Security DevOps Team 2019-06-10 10:57:59 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.