oss-sec mailing list archives

Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks


From: Jakub Wilk <jwilk () jwilk net>
Date: Wed, 18 Jun 2025 08:04:46 +0200

* Qualys Security Advisory <qsa () qualys com>, 2025-06-17 20:00:
On Debian 12 and Ubuntu 24.04, when an unprivileged user logs in via sshd, PAM's pam_env module (from Linux-PAM 1.5.x) also reads this user's ~/.pam_environment file, because pam_env's "user_readenv" is explicitly set to 1 in /etc/pam.d/sshd (it is 0 by default, since Linux-PAM 1.4.0).

I reported this back in 2014:
https://bugs.debian.org/761600

--
Jakub Wilk

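A defender's check for the configuration described in the quoted paragraph, added here as an example that is not part of the thread or of the Qualys advisory: a POSIX shell function that lists every active (non-comment) pam_env.so line in the given PAM stacks that sets user_readenv=1, so ~/.pam_environment is read. The function names and the sample config files it is demonstrated on are constructed for this example; on a real host run it over /etc/pam.d/*.

```shell
#!/bin/sh
# Print "file:lineno:line" for each active pam_env.so line carrying user_readenv=1.
# Exit status 0 if at least one such line was found, 1 otherwise.
audit_pam_user_readenv() {
    hits=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Keep pam_env.so lines, drop trailing comments, then require a
        # whitespace-delimited user_readenv=1 token (so a commented-out line
        # or user_readenv=10 does not match).
        out=$(grep -n 'pam_env\.so' "$f" 2>/dev/null \
              | sed 's/#.*$//' \
              | grep 'pam_env\.so' \
              | grep -E '(^|[[:space:]])user_readenv=1([[:space:]]|$)' || true)
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | while IFS= read -r l; do printf '%s:%s\n' "$f" "$l"; done
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# Constructed sample PAM stacks for an offline demonstration (not copies of any
# distribution's files). Prints the directory they were written to.
make_sample_pamd() {
    d=$(mktemp -d)
    cat > "$d/sshd" <<'EOF'
# constructed sample, modelled on an sshd stack that enables user_readenv
session required pam_env.so
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
EOF
    cat > "$d/common-session" <<'EOF'
# constructed sample: pam_env at its default (user_readenv=0 since Linux-PAM 1.4.0)
session required pam_env.so
# session required pam_env.so user_readenv=1
EOF
    cat > "$d/login" <<'EOF'
# constructed sample: user_readenv only appears in a trailing comment
session required pam_env.so # user_readenv=1 would enable ~/.pam_environment
EOF
    printf '%s\n' "$d"
}

# Demonstration on the constructed sample; real audit: audit_pam_user_readenv /etc/pam.d/*
sample=$(make_sample_pamd)
audit_pam_user_readenv "$sample"/* || echo "no pam_env.so user_readenv=1 lines found"
rm -rf "$sample"
```

Only the sshd sample is reported; the commented-out line and the trailing-comment mention are ignored.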