Bugzilla – Bug 882189
VUL-0: CVE-2014-4014: kernel: internal function inode_capable was used inappropriately
Last modified: 2016-04-27 14:41:33 UTC
Created attachment 594145 [details]
Change inode_capable to capable_wrt_inode_uidgid

CVE-2014-4014

From: Andy Lutomirski <luto () amacapital net>
Date: Tue, 10 Jun 2014 14:49:03 -0700

The internal function inode_capable was used inappropriately. Depending on configuration, this may be usable to escalate privileges.

A cursory inspection of my Fedora box suggests that it is not vulnerable to the obvious way to exploit this bug.

References:
http://seclists.org/oss-sec/2014/q2/511
Affected packages:
SLE-11-SP3: kernel-source
SLE-11-SP2: kernel-source
bugbot adjusting priority
From: Andy Lutomirski <luto@amacapital.net>
Date: Tue, 17 Jun 2014 14:47:46 -0700

The commit that fixes this is: 23adbe12ef7d3d4195e80800ab36b37bee28cd03

The bug is that, if you created a user namespace and retained capabilities in that namespace, then you could use chmod to set the setgid bit on any file you owned, including files with, say, group 0.

The impact depends on what files are available that have gids that shouldn't be available to the users who own the file. For example, the existence of a uid != 0, gid == 0 file would allow that uid to escalate privileges to gid 0, which is likely good enough for full root.
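The exposure condition named in the comment above (a file whose group should not be available to its owner) can be audited on an unpatched host; the following is an added example, not part of the bug report or the kernel fix. It generalizes the "uid != 0, gid == 0" case to any file whose non-root owner is not a member of the file's group. It assumes accounts are defined in local passwd/group-format files, and the function names are hypothetical.

```python
import os, stat, sys
from collections import defaultdict

def load_memberships(passwd_lines, group_lines):
    """Map uid -> set of gids the account holds (primary plus supplementary)."""
    name_to_uid, member = {}, defaultdict(set)
    for line in passwd_lines:
        f = line.strip().split(":")
        if len(f) >= 4 and f[2].isdigit() and f[3].isdigit():
            name_to_uid[f[0]] = int(f[2])
            member[int(f[2])].add(int(f[3]))
    for line in group_lines:
        f = line.strip().split(":")
        if len(f) >= 4 and f[2].isdigit():
            for name in filter(None, f[3].split(",")):
                if name in name_to_uid:
                    member[name_to_uid[name]].add(int(f[2]))
    return member

def risky_files(records, member):
    """Return (path, uid, gid) records whose non-root owner is not in the file's group.

    Owners with no passwd entry have no known groups, so their files are reported too.
    """
    return [(p, u, g) for p, u, g in records
            if u != 0 and g not in member.get(u, set())]

def scan(root):
    """Yield (path, uid, gid) for every regular file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_uid, st.st_gid

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    with open("/etc/passwd") as p, open("/etc/group") as g:
        member = load_memberships(p, g)
    for path, uid, gid in risky_files(scan(root), member):
        print(f"{path}: owner uid {uid} is not a member of gid {gid}")
```

Run it as root so that every directory is readable; accounts served from LDAP or similar directories are not seen by this version.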
potential local privilege escalation, bump prio
Fix applied to SLE12 via 3.12.23.
Fix applied to openSUSE 12.3
Fix applied to openSUSE 13.1

The problem was introduced in v3.5-rc1. Earlier releases are unaffected.
openSUSE-SU-2014:0957-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 788080,867531,867723,877257,880484,882189,883518,883724,883795,885422,885725
CVE References: CVE-2014-0131,CVE-2014-2309,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699
Sources used:
openSUSE 12.3 (src): kernel-docs-3.7.10-1.40.2, kernel-source-3.7.10-1.40.1, kernel-syms-3.7.10-1.40.1
openSUSE-SU-2014:0985-1: An update that solves 14 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 768714,851686,855657,866101,867531,867723,879071,880484,882189,883518,883724,883795,884840,885422,885725,886629
CVE References: CVE-2014-0100,CVE-2014-0131,CVE-2014-2309,CVE-2014-3917,CVE-2014-4014,CVE-2014-4171,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699
Sources used:
openSUSE 13.1 (src): cloop-2.639-11.13.1, crash-7.0.2-2.13.1, hdjmod-1.28-16.13.1, ipset-6.21.1-2.17.1, iscsitarget-1.4.20.3-13.13.1, kernel-docs-3.11.10-21.3, kernel-source-3.11.10-21.1, kernel-syms-3.11.10-21.1, ndiswrapper-1.58-13.1, pcfclock-0.44-258.13.1, vhba-kmp-20130607-2.14.1, virtualbox-4.2.18-2.18.1, xen-4.3.2_01-21.1, xtables-addons-2.3-2.13.1
released