Bug 806722 (CVE-2012-2123) - CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fcaps are used
Summary: CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fc...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2123
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 806725 806726 806727 814522 814523
Blocks: 806718
TreeView+ depends on / blocked
 
Reported: 2012-03-26 05:16 UTC by Eugene Teo (Security Response)
Modified: 2019-09-29 12:51 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-05 08:03:05 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0670 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2012-05-16 00:14:03 UTC
Red Hat Product Errata RHSA-2012:0743 normal SHIPPED_LIVE Important: kernel security and bug fix update 2012-06-18 17:32:36 UTC

Comment 13 Eugene Teo (Security Response) 2012-04-20 04:41:48 UTC
Reported by Steve Grubb, if a process increases permissions using fcaps all of the dangerous personality flags which are cleared for suid apps should also be cleared. Thus for example programs given privilege with fcaps will continue to have address space randomization enabled even if the parent tried to disable it to make it easier to attack.

Comment 14 Eugene Teo (Security Response) 2012-04-20 04:48:10 UTC
Upstream commit:
http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445

Comment 15 Eugene Teo (Security Response) 2012-04-20 04:51:19 UTC
Statement:

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0670.html. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0743.html.

Comment 16 Eugene Teo (Security Response) 2012-04-20 04:52:51 UTC
Also from Steve, AFAIK, there are no packages we ship on RHEL6 that use file system based capabilities because rpm lacked the support at the time. But rpm might get upgraded and some package from Fedora becomes a RHEL6 rebase and then we have the problem. Or maybe the software stacks pulls one in. But we still want to fix it.

Fedora 15 is where we started shipping packages that take advantage of the file
system based capabilities. And since RHEL7-alpha is an import of F16/17, it
certainly has the issue.

Comment 18 Eugene Teo (Security Response) 2012-04-20 04:59:06 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 814523]

Comment 19 Kurt Seifried 2012-04-20 04:59:37 UTC
Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/20/6

Comment 20 Josh Boyer 2012-04-20 12:17:09 UTC
(In reply to comment #14)
> Upstream commit:
> http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445

You probably also want:

http://git.kernel.org/linus/51b79bee627d526199b2f6a6bef8ee0c0739b6d1

to fix a non-x86 build error.

Comment 21 Fedora Update System 2012-04-24 04:30:00 UTC
kernel-3.3.2-8.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2012-04-24 14:54:34 UTC
kernel-3.3.2-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2012-04-26 03:29:26 UTC
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 errata-xmlrpc 2012-05-15 22:59:28 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0670 https://rhn.redhat.com/errata/RHSA-2012-0670.html

Comment 29 errata-xmlrpc 2012-06-18 13:33:53 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0743 https://rhn.redhat.com/errata/RHSA-2012-0743.html


Note You need to log in before you can comment on or make changes to this bug.