mailing list archives
[CVE request] Local privilege escalation in libfep
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 05 Jun 2014 13:40:02 +0200
It was discovered that libfep uses UNIX domain sockets in the abstract
namespace in an insecure way. As a result, unprivileged local users
were able to inject commands into running fep sessions of other users.
The upstream fix simply removes abstract namespace support, using a
restricted directory to host the UNIX domain socket instead:
Abstract namespace support was introduced in this commit:
This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable,
and 0.1.0 has the fix.
Florian Weimer / Red Hat Product Security Team
- [CVE request] Local privilege escalation in libfep Florian Weimer (Jun 05)