389201 – (CVE-2011-4099) <sys-libs/libcap-2.22: capsh does not chdir after chroot (CVE-2011-4099)

Bug 389201 (CVE-2011-4099) - <sys-libs/libcap-2.22: capsh does not chdir after chroot (CVE-2011-4099)

Summary: <sys-libs/libcap-2.22: capsh does not chdir after chroot (CVE-2011-4099)

Status:	RESOLVED FIXED

Alias:	CVE-2011-4099

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://cwe.mitre.org/data/definitions...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:	389291
Blocks:
	Show dependency tree

Reported:	2011-11-01 16:02 UTC by Jacek Szpot
Modified:	2012-03-06 21:08 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jacek Szpot 2011-11-01 16:02:02 UTC

As per RedHat's bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=722694):

The capsh program has a --chroot commandline option. Inspecting the code shows
that it does not do a chdir("/") after calling chroot. This means that '.' is
outside the chroot.

Fix is reported to be in 2.22.

This is CVE-2011-4099.

Comment 1 SpanKY gentoo-dev

2011-11-01 20:42:23 UTC

i'm guessing the kernel.org downtime made this version bump hard to notice

at any rate, 2.22 now in the tree

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2011-11-02 07:45:47 UTC

Thanks for the bug, Jack.

(In reply to comment #1)
> i'm guessing the kernel.org downtime made this version bump hard to notice
> 
> at any rate, 2.22 now in the tree

Great, thanks.

Arches, please test and mark stable:
=sys-libs/libcap-2.22
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 3 Agostino Sarubbo gentoo-dev

2011-11-02 14:38:39 UTC

amd64 ok

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2011-11-02 16:03:45 UTC

Stable for HPPA.

Comment 5 Ian Delaney (RETIRED) gentoo-dev

2011-11-03 07:47:54 UTC

amd64 ok

Comment 6 Tony Vroon (RETIRED) gentoo-dev

2011-11-03 10:16:21 UTC

+  03 Nov 2011; Tony Vroon <chainsaw@gentoo.org> libcap-2.22.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+  "idella4" Delaney in security bug #389201.

Comment 7 Jeff (JD) Horelick (RETIRED) gentoo-dev

2011-11-04 19:33:42 UTC

Archtested on x86: Everything fine

Comment 8 Myckel Habets 2011-11-05 15:50:06 UTC

(In reply to comment #7)
> Archtested on x86: Everything fine

+1

Comment 9 Andreas Schürch gentoo-dev

2011-11-06 15:04:02 UTC

x86 stable, thanks JD and Myckel!

Comment 10 Markus Meier gentoo-dev

2011-11-06 17:04:57 UTC

arm stable

Comment 11 Brent Baude (RETIRED) gentoo-dev

2011-11-07 00:18:36 UTC

ppc done

Comment 12 Raúl Porcel (RETIRED) gentoo-dev

2011-11-26 12:43:40 UTC

alpha/ia64/m68k/s390/sh/sparc stable

Comment 13 Mark Loeser (RETIRED) gentoo-dev

2011-12-18 21:39:59 UTC

ppc64 done

Comment 14 Tim Sammut (RETIRED) gentoo-dev

2011-12-18 21:50:22 UTC

Thanks, folks. GLSA Vote: yes.

Comment 15 Stefan Behte (RETIRED) gentoo-dev

2012-03-06 01:11:26 UTC

Vote: NO.

Comment 16 Sean Amoss (RETIRED) gentoo-dev

2012-03-06 21:08:31 UTC

Vote: no.

Closing noglsa.