First published: Tue Apr 21 2015(Updated: )
A race condition flaw was found between the chown() and execve() system calls. When changing the owner of a setuid-user binary to root, the race condition could momentarily make the binary setuid root. When root chown()ed an attacker-owned setuid file to root, the file briefly was setuid root (and executable as such). An attacker could take advantage of this small window and execute a setuid binary with elevated privileges. Upstream patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543</a> Additional details: <a href="http://seclists.org/oss-sec/2015/q2/216">http://seclists.org/oss-sec/2015/q2/216</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=3.19.5 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.