1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-201412-44

[GLSA-201412-44] policycoreutils: Privilege escalation

Severity High
Affected Packages 1
Unaffected Packages 1
CVEs 1
Info Packages References Vulnerabilities

A vulnerability in policycoreutils could lead to local privilege escalation.

Background
policycoreutils is a collection of SELinux policy utilities.

Description
The seunshare utility is owned by root with 4755 permissions which can
be exploited by a setuid system call.

Impact
A local attacker may be able to gain escalated privileges.

Workaround
There is no known workaround at this time.

Resolution
All policycoreutils users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
">=sys-apps/policycoreutils-2.2.5-r4"

Package Affected Version
pkg:ebuild/sys-apps/policycoreutils?distro=gentoo < 2.2.5-r4
Package Unaffected Version
pkg:ebuild/sys-apps/policycoreutils?distro=gentoo >= 2.2.5-r4
ID
GLSA-201412-44
Severity
high
URL
https://security.gentoo.org/glsa/201412-44
Published
2014-12-26T00:00:00
(9 years ago)
Modified
2014-12-26T00:00:00
(9 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2014-3215 CVE-2014-3215 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3215
Bugzilla 509896 Bugzilla #509896 https://bugs.gentoo.org/show_bug.cgi?id=509896
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/sys-apps/policycoreutils?distro=gentoo sys-apps policycoreutils < 2.2.5-r4 gentoo
Unaffected pkg:ebuild/sys-apps/policycoreutils?distro=gentoo sys-apps policycoreutils >= 2.2.5-r4 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date