Home page logo
/

oss-sec logo oss-sec mailing list archives

[CVE request] Local privilege escalation in libfep
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 05 Jun 2014 13:40:02 +0200

It was discovered that libfep uses UNIX domain sockets in the abstract namespace in an insecure way. As a result, unprivileged local users were able to inject commands into running fep sessions of other users.

The upstream fix simply removes abstract namespace support, using a restricted directory to host the UNIX domain socket instead:

https://github.com/ueno/libfep/commit/293d9d3f

Abstract namespace support was introduced in this commit:

https://github.com/ueno/libfep/commit/5a170323

This means that versions from 0.0.5 to 0.0.9 (inclusive) are vulnerable, and 0.1.0 has the fix.

--
Florian Weimer / Red Hat Product Security Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]