Gentoo Bug 219089 - hardened-sources: grsecurity <2.1.11-2.6.24.5 RBAC security bypass (CVE-2008-1940)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	219089
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
4500_grsec-user_transition-bypass-fix.patch	Fix backported to 2.6.23	patch	Gordon Malm	2008-04-24 01:06 0000	3.62 KB	Details \| Diff
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 219089 depends on:			Show dependency tree
Bug 219089 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-04-23 22:51 0000

Secunia:
A security issue has been reported in grsecurity, which can be exploited by
malicious, local users to bypass certain security restrictions.

The security issue is caused due to an error in the RBAC system when enforcing
the "user_transition_deny" and "user_transition_allow" rules. This can be
exploited to bypass the affected rules in calls to "sys_setfsuid()" and
"sys_setfsgid()".

The security issue is reported in versions prior to 2.1.11-2.6.24.5
(2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21).

------- Comment #1 From Gordon Malm 2008-04-24 01:06:13 0000 -------

Created an attachment (id=150781) [details]
Fix backported to 2.6.23

Status update:
The patch uploaded with this posting will be included in the upcoming
2.6.23-r10 release, already in testing.  

The upcoming hardened-sources-2.6.24-r1 RC already has the latest
grsec-2.1.11-2.6.24.5-200804211829.patch containing this fix and is also in
testing since 2008-04-21.

Both will be added to the tree soonish.

------- Comment #2 From Gordon Malm 2008-04-30 12:09:52 0000 -------

hardened-sources releases 2.6.23-r10 and 2.6.24-r1 are in the tree with this
fix.  Bug can be closed when 2.6.23-r10 goes stable on x86, amd64 and ppc.

------- Comment #3 From Robert Buchholz 2008-05-03 19:49:14 0000 -------

Do you guys at hardened handle stabilization, or shall we add arches to the
bug?

------- Comment #4 From Gordon Malm 2008-05-11 05:12:41 0000 -------

hardened-sources-2.6.23-r11 is marked stable on x86, amd64 and ppc.  Closing
bug.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 219089

hardened-sources: grsecurity <2.1.11-2.6.24.5 RBAC security bypass (CVE-2008-1940)

Last modified: 2008-05-11 05:12:41 0000