2346212 – (CVE-2025-1390) CVE-2025-1390 libcap: pam_cap: Fix potential configuration parsing error

Bug 2346212 (CVE-2025-1390) - CVE-2025-1390 libcap: pam_cap: Fix potential configuration parsing error

Summary: CVE-2025-1390 libcap: pam_cap: Fix potential configuration parsing error

Keywords:
Status:	NEW
Alias:	CVE-2025-1390
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-18 03:01 UTC by OSIDB Bzimport
Modified:	2025-02-18 18:02 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-18 03:01:13 UTC

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Note You need to log in before you can comment on or make changes to this bug.