Bug 1465025 - (CVE-2017-9780) CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions
CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file pe...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1465027
Blocks: 1465028
  Show dependency treegraph
Reported: 2017-06-26 08:49 EDT by Andrej Nemec
Modified: 2017-06-26 21:00 EDT (History)
2 users (show)

See Also:
Fixed In Version: flatpak 0.8.7, flatpak 0.9.6
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-06-26 21:00:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrej Nemec 2017-06-26 08:49:47 EDT
A vulnerability was found in Flatpak. A third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.

Upstream issue:

Comment 1 Andrej Nemec 2017-06-26 08:50:01 EDT

Name: Colin Walters (Red Hat)
Comment 2 Andrej Nemec 2017-06-26 08:50:17 EDT
Created flatpak tracking bugs for this issue:

Affects: fedora-24 [bug 1465027]
Comment 3 Andrej Nemec 2017-06-26 08:52:15 EDT

Comment 4 Doran Moppert 2017-06-26 21:00:00 EDT
Upstream commit for 0.8.7 branch:


This is already included in flatpak-0.8.7-1.el7

Note You need to log in before you can comment on or make changes to this bug.