Wind River Support Network

HomeDefectsLIN6-7432
Fixed

LIN6-7432 : Security Advisory - policycoreutils - CVE-2014-3215

Created: May 15, 2014    Updated: Dec 3, 2018
Resolved Date: Jul 1, 2014
Found In Version: 6.0.0.10
Fix Version: 6.0.0.10
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube