CVE-2014-3215 - OpenCVE

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Selinuxproject	Policycoreutils

Configuration 1 [-]

cpe:2.3:a:selinuxproject:policycoreutils:2.2.5:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-504.16.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0864	2015-04-21T00:00:00Z
Red Hat Enterprise Linux 7
libcap-ng-0:0.7.5-4.el7	cpe:/o:redhat:enterprise_linux:7	RHBA-2015:2161	2015-11-19T00:00:00Z

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0251.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html
http://openwall.com/lists/oss-security/2014/04/29/7
http://openwall.com/lists/oss-security/2014/04/30/4
http://openwall.com/lists/oss-security/2014/05/08/1
http://rhn.redhat.com/errata/RHSA-2015-0864.html
http://secunia.com/advisories/59007
http://www.mandriva.com/security/advisories?name=MDVSA-2015:156
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/67341
https://nvd.nist.gov/vuln/detail/CVE-2014-3215
https://www.cve.org/CVERecord?id=CVE-2014-3215

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-08T10:00:00

Updated: 2024-08-06T10:35:57.038Z

Reserved: 2014-05-03T00:00:00

Link: CVE-2014-3215

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-08T10:55:05.107

Modified: 2019-01-03T17:08:24.977

Link: CVE-2014-3215

Redhat

Severity : Important

Publid Date: 2012-12-08T00:00:00Z

Links: CVE-2014-3215 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67341", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67341"}, {"name": "openSUSE-SU-2014:0749", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html"}, {"name": "[oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/05/08/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0251.html"}, {"name": "59007", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59007"}, {"name": "RHSA-2015:0864", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"}, {"name": "MDVSA-2015:156", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156"}, {"name": "[oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/04/30/4"}, {"name": "[oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/04/29/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3215", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67341"}, {"name": "openSUSE-SU-2014:0749", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html"}, {"name": "[oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/05/08/1"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0251.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0251.html"}, {"name": "59007", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59007"}, {"name": "RHSA-2015:0864", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"}, {"name": "MDVSA-2015:156", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156"}, {"name": "[oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/04/30/4"}, {"name": "[oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/04/29/7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.038Z"}, "title": "CVE Program Container", "references": [{"name": "67341", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67341"}, {"name": "openSUSE-SU-2014:0749", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html"}, {"name": "[oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/05/08/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0251.html"}, {"name": "59007", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59007"}, {"name": "RHSA-2015:0864", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"}, {"name": "MDVSA-2015:156", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156"}, {"name": "[oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/04/30/4"}, {"name": "[oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/04/29/7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3215", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:57.038Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:selinuxproject:policycoreutils:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F010D863-2E14-47EB-A932-B39C37ACDD3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges."}, {"lang": "es", "value": "seunshare en policycoreutils 2.2.5 pertenece a root con permisos 4755, y ejecuta programas de forma que cambia la relaci\u00f3n entre la llamada de sistema setuid y el valor set-user-ID guardado en getresuid, lo que facilita a usuarios locales ganar privilegios mediante el aprovechamiento de un programa que esperaba err\u00f3neamente que podr\u00eda eliminar privilegios permanentemente."}], "id": "CVE-2014-3215", "lastModified": "2019-01-03T17:08:24.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-08T10:55:05.107", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0251.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/04/29/7"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/04/30/4"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/05/08/1"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59007"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67341"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:0864", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.16.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-21T00:00:00Z"}, {"advisory": "RHBA-2015:2161", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libcap-ng-0:0.7.5-4.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}], "bugzilla": {"description": "policycoreutils: local privilege escalation via seunshare", "id": "1095855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095855"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-270", "details": ["seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.", "A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support."], "name": "CVE-2014-3215", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "policycoreutils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libcap-ng", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "policycoreutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "selinux-policy", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "policycoreutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "selinux-policy", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2012-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3215\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3215"], "threat_severity": "Important"}