diff options
author | Jan Beich <jbeich@FreeBSD.org> | 2021-09-16 01:15:04 +0000 |
---|---|---|
committer | Jan Beich <jbeich@FreeBSD.org> | 2021-09-16 01:15:04 +0000 |
commit | e0992ef21346e8606efd99b720938d6b9c9dc72b (patch) | |
tree | 1567b65d8d9dd468c347ea76da1653e1b48a8300 /security/vuxml/vuln-2021.xml | |
parent | d1f850d50d6476ca1cb40f03406e732301464394 (diff) | |
download | ports-e0992ef21346e8606efd99b720938d6b9c9dc72b.tar.gz ports-e0992ef21346e8606efd99b720938d6b9c9dc72b.zip |
security/vuxml: mark seatd 0.6.{0,1} as vulnerable
Diffstat (limited to 'security/vuxml/vuln-2021.xml')
-rw-r--r-- | security/vuxml/vuln-2021.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 43595edfc644..2914cc4230b9 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,35 @@ + <vuln vid="49c35943-0eeb-421c-af4f-78e04582e5fb"> + <topic>seatd-launch: privilege escalation with SUID</topic> + <affects> + <package> + <name>seatd</name> + <range><ge>0.6.0</ge><lt>0.6.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kenny Levinsen reports:</p> + <blockquote cite="https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E"> + <p>seatd-launch used execlp, which reads the PATH environment variable to + search for the requested executable, to execute seatd. This meant that + the caller could freely control what executable was loaded by adding a + user-writable directory to PATH.</p> + <p>If seatd-launch had the SUID bit set, this could be used by a + malicious user with the ability to execute seatd-launch to mount a + privilege escalation attack to the owner of seatd-launch, which is + likely root.</p> + </blockquote> + </body> + </description> + <references> + <url>https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E</url> + </references> + <dates> + <discovery>2021-09-16</discovery> + <entry>2021-09-16</entry> + </dates> + </vuln> + <vuln vid="47b571f2-157b-11ec-ae98-704d7b472482"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |