Bug 727713 - VUL-0: libcap/capsh: does not chdir after chroot
VUL-0: libcap/capsh: does not chdir after chroot
Status: RESOLVED DUPLICATE of bug 727715
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-02 09:01 UTC by Ludwig Nussel
Modified: 2011-11-02 09:33 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-11-02 09:01:24 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
------------------------------------------------------------------------------
Date: Tue, 01 Nov 2011 20:54:37 +0530
From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Subject: [oss-security] libcap/capsh: does not chdir after chroot

Hi All,

It was found that capsh program, usually shipped with the libcap
package, did not do a chdir("/") after calling chroot, when called with
a "--chroot" option. This resulted in the current directory being
outside the chroot.

This has been assigned CVE-2011-4099

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=722694


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
Comment 1 Ludwig Nussel 2011-11-02 09:33:22 UTC
ups dup.

*** This bug has been marked as a duplicate of bug 727715 ***