Bug 806722 - (CVE-2012-2123) CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fcaps are used
CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fc...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120417,repo...
: Security
Depends On: 806725 806726 806727 814522 814523
Blocks: 806718
  Show dependency treegraph
 
Reported: 2012-03-26 01:16 EDT by Eugene Teo (Security Response)
Modified: 2013-04-05 04:03 EDT (History)
17 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-04-05 04:03:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 13 Eugene Teo (Security Response) 2012-04-20 00:41:48 EDT
Reported by Steve Grubb, if a process increases permissions using fcaps all of the dangerous personality flags which are cleared for suid apps should also be cleared. Thus for example programs given privilege with fcaps will continue to have address space randomization enabled even if the parent tried to disable it to make it easier to attack.
Comment 14 Eugene Teo (Security Response) 2012-04-20 00:48:10 EDT
Upstream commit:
http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445
Comment 15 Eugene Teo (Security Response) 2012-04-20 00:51:19 EDT
Statement:

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0670.html. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0743.html.
Comment 16 Eugene Teo (Security Response) 2012-04-20 00:52:51 EDT
Also from Steve, AFAIK, there are no packages we ship on RHEL6 that use file system based capabilities because rpm lacked the support at the time. But rpm might get upgraded and some package from Fedora becomes a RHEL6 rebase and then we have the problem. Or maybe the software stacks pulls one in. But we still want to fix it.

Fedora 15 is where we started shipping packages that take advantage of the file
system based capabilities. And since RHEL7-alpha is an import of F16/17, it
certainly has the issue.
Comment 18 Eugene Teo (Security Response) 2012-04-20 00:59:06 EDT
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 814523]
Comment 19 Kurt Seifried 2012-04-20 00:59:37 EDT
Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/20/6
Comment 20 Josh Boyer 2012-04-20 08:17:09 EDT
(In reply to comment #14)
> Upstream commit:
> http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445

You probably also want:

http://git.kernel.org/linus/51b79bee627d526199b2f6a6bef8ee0c0739b6d1

to fix a non-x86 build error.
Comment 21 Fedora Update System 2012-04-24 00:30:00 EDT
kernel-3.3.2-8.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2012-04-24 10:54:34 EDT
kernel-3.3.2-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2012-04-25 23:29:26 EDT
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 errata-xmlrpc 2012-05-15 18:59:28 EDT
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0670 https://rhn.redhat.com/errata/RHSA-2012-0670.html
Comment 29 errata-xmlrpc 2012-06-18 09:33:53 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0743 https://rhn.redhat.com/errata/RHSA-2012-0743.html

Note You need to log in before you can comment on or make changes to this bug.