[GLSA-201412-44] policycoreutils: Privilege escalation
Severity
High
Affected Packages
1
Unaffected Packages
1
CVEs
1
A vulnerability in policycoreutils could lead to local privilege escalation.
Background
policycoreutils is a collection of SELinux policy utilities.
Description
The seunshare utility is owned by root with 4755 permissions which can
be exploited by a setuid system call.
Impact
A local attacker may be able to gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All policycoreutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=sys-apps/policycoreutils-2.2.5-r4"
Package | Affected Version |
---|---|
pkg:ebuild/sys-apps/policycoreutils?distro=gentoo | < 2.2.5-r4 |
Package | Unaffected Version |
---|---|
pkg:ebuild/sys-apps/policycoreutils?distro=gentoo | >= 2.2.5-r4 |
- ID
- GLSA-201412-44
- Severity
- high
- URL
- https://security.gentoo.org/glsa/201412-44
- Published
-
2014-12-26T00:00:00
(9 years ago) - Modified
-
2014-12-26T00:00:00
(9 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2014-3215 | CVE-2014-3215 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3215 |
Bugzilla | 509896 | Bugzilla #509896 | https://bugs.gentoo.org/show_bug.cgi?id=509896 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/sys-apps/policycoreutils?distro=gentoo | sys-apps | policycoreutils | < 2.2.5-r4 | gentoo | ||
Unaffected | pkg:ebuild/sys-apps/policycoreutils?distro=gentoo | sys-apps | policycoreutils | >= 2.2.5-r4 | gentoo |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |