Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2005-3257: kernel: local privilege escalation by KDSKBSENT | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Vojtech Pavlik <vojtech> |
| Status: | RESOLVED WONTFIX | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | CVE-2005-3257: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P) | | |
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
Marcus Meissner
2005-11-08 16:41:53 UTC
Vojtech, can you please take a look at this one? Thanks!

This issue has been known for many years already, and has usually been worked
around by having 'loadkeys -d' in the profile and using SAK before login.
It is only applicable to shared desktop systems, which can't be considered
safe anyway, and as such is a low-threat vulnerability.
It does affect every Linux box out there with physical access to the console,
so it affects us as well.
This patch:
--- devel/drivers/char/vt_ioctl.c~setkeys-needs-root 2005-10-17 23:50:37.000000000 -0700
+++ devel-akpm/drivers/char/vt_ioctl.c 2005-10-17 23:51:43.000000000 -0700
@@ -192,6 +192,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
int i, j, k;
int ret;
+ if (!capable(CAP_SYS_TTY_CONFIG))
+ return -EPERM;
+
kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
if (!kbs) {
ret = -ENOMEM;
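Review bot: The capable(CAP_SYS_TTY_CONFIG) check sits at the top of do_kdgkb_ioctl(), ahead of any test of cmd, so it returns -EPERM for every command dispatched to this function rather than only for the set operation (KDSKBSENT) named in the bug summary. If a read-only query is also handled here, unprivileged callers lose that as well; consider applying the check only on the branch where cmd is the set operation. Placing the check before kmalloc() is correct, since the early return then has nothing to free. The added lines carry no comment saying why a capability is now required; a one-line comment referencing CVE-2005-3257 would help later readers.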
is a reasonable fix, however it prevents users from changing the keymap,
unless 'loadkeys' is run from a suid wrapper that allows a limited selection
of maps.
This fix has been included in -mm.
Then we will not fix this for the old products and wait to see what upstream does ... thanks for the research, Vojtech!

CVE-2005-3257: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)