CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
5.1%
CentOS Errata and Security Advisory CESA-2015:0986
The kexec-tools packages contain the /sbin/kexec binary and utilities that
together form the user-space component of the kernel’s kexec feature.
The /sbin/kexec binary facilitates a new kernel to boot using the kernel’s
kexec feature either on a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.
It was found that the module-setup.sh script provided by kexec-tools
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to overwrite
the contents of arbitrary files. (CVE-2015-0267)
This issue was discovered by Harald Hoyer of Red Hat.
This update also fixes the following bug:
In addition, this update adds the following enhancement:
All kexec-tools users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-May/083293.html
Affected packages:
kexec-tools
kexec-tools-anaconda-addon
kexec-tools-eppic
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0986
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | kexec-tools | < 2.0.7-19.el7_1.2 | kexec-tools-2.0.7-19.el7_1.2.x86_64.rpm |
CentOS | 7 | x86_64 | kexec-tools-anaconda-addon | < 2.0.7-19.el7_1.2 | kexec-tools-anaconda-addon-2.0.7-19.el7_1.2.x86_64.rpm |
CentOS | 7 | x86_64 | kexec-tools-eppic | < 2.0.7-19.el7_1.2 | kexec-tools-eppic-2.0.7-19.el7_1.2.x86_64.rpm |