policycoreutils is vulnerable to arbitrary code execution. The seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. By running a setuid or setgid application that relies on proper /tmp/ permissions via seunshare, a local user could use this flaw to overwrite files or, possibly, execute arbitrary code with the privileges of that application.
CPE Name | Operator | Version |
---|---|---|
policycoreutils | eq | 2.0.83__19.1.el6 |
archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html
openwall.com/lists/oss-security/2011/02/23/1
openwall.com/lists/oss-security/2011/02/23/2
pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob;f=policycoreutils-rhat.patch;h=d4db5bc06027de23d12a4b3f18fa6f9b1517df27;hb=HEAD#l2197
secunia.com/advisories/43415
secunia.com/advisories/43844
secunia.com/advisories/44034
www.redhat.com/support/errata/RHSA-2011-0414.html
www.securityfocus.com/bid/46510
www.securitytracker.com/id?1025291
www.vupen.com/english/advisories/2011/0701
www.vupen.com/english/advisories/2011/0864
access.redhat.com/errata/RHSA-2011:0414
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=633544
exchange.xforce.ibmcloud.com/vulnerabilities/65641