Bug 1938284 (CVE-2021-3800) - CVE-2021-3800 glib2: Possible privilege escalation through pkexec and aliases
Summary: CVE-2021-3800 glib2: Possible privilege escalation through pkexec and aliases
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3800
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1946551 1946555 1946556 1946559 1946560 1938285 1938287 1938288 1938289 1938290 1944740 1944742 1944743 1944744 1944745 1944746 1946549 1946550 1946552 1946553 1946554 1946557 1946558
Blocks: 1935348
Reported: 2021-03-12 17:14 UTC by Pedro Sampaio
Modified: 2023-09-26 14:58 UTC

Fixed In Version: glib2 2.63.6
Last Closed: 2021-11-09 19:51:41 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2021:4385 | 0 | None | None | None | 2021-11-09 18:32:43 UTC

Description Pedro Sampaio 2021-03-12 17:14:15 UTC
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

Upstream patch:

https://gitlab.gnome.org/GNOME/glib/commit/3529bb4450a51995

References:

https://www.openwall.com/lists/oss-security/2017/06/23/8

Comment 1 Pedro Sampaio 2021-03-12 17:15:41 UTC
Created firefox tracking bugs for this issue:

Affects: fedora-all [bug 1938290]


Created glib tracking bugs for this issue:

Affects: epel-7 [bug 1938288]
Affects: fedora-all [bug 1938287]


Created glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1938285]


Created mingw-glib2 tracking bugs for this issue:

Affects: fedora-all [bug 1938289]

Comment 6 errata-xmlrpc 2021-11-09 18:32:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4385 https://access.redhat.com/errata/RHSA-2021:4385

Comment 7 Product Security DevOps Team 2021-11-09 19:51:36 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3800

Comment 8 Marco Benatto 2023-04-06 21:02:59 UTC
pkexec is an application used to authorize one user to execute a program as another user, and it's not exposed through the network; hence Red Hat considers the Attack Vector as local. For a successful attack to be executed, the attacker needs to set the right charset and trick the user into executing pkexec; as a consequence, it may leak partial, uncontrolled contents from privileged files to the attacker.

