Wind River Support Network

HomeDefectsLIN5-18773
Fixed

LIN5-18773 : Security Advisory - policycoreutils - CVE-2014-3215

Created: May 15, 2014    Updated: Dec 19, 2017
Resolved Date: Jul 1, 2014
Found In Version: 5.0.1.17
Fix Version: 5.0.1.17
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3215

Other Downloads


Live chat
Online