Bug 129914 - sys-cluster/util-vserver: [<=0.30.209] SUEXEC Privilege Escalation Weakness
Bug#: 129914 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: propolice@gmail.com
Component: Vulnerabilities
URL:  https://savannah.nongnu.org/bugs/?func=detailitem&item_id=15996
Summary: sys-cluster/util-vserver: [<=0.30.209] SUEXEC Privilege Escalation Weakness
Keywords:  
Status Whiteboard: B4 [noglsa] ed
Opened: 2006-04-14 01:56 0000
Description:   Opened: 2006-04-14 01:56 0000 
Fixed in 0.30.210

"""snip"""
I tried to use "vserver [servername] suexec [username] [command]" in my startup
scripts, but instead of running as the user I expected, the process ran as root
within the vserver.

I learned that suexec takes a userid Number, instead of a username String.
Since the usual result of pushing alphabetical characters through a
convert-to-number function is 0, which is the userid of root...

Invalid parameters should al least return an error, not run with extra
priviledges. =)
"""snip"""

------- Comment #1 From Benedikt Böhm 2006-04-14 04:18:07 0000 ------- 
thi has not been fixed in 0.30.210, the patch has been added to 0.30.210-r12
and hopefully it will get in 0.30.211 upstream... although r12 is in for a few
days, i made it stable, previous revisions got massive testing anyway..

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-04-14 04:24:25 0000 ------- 
This is ready for GLSA decision. I vote a full NO.

Not even sure it's a security issue.

------- Comment #3 From Thierry Carrez (RETIRED) 2006-04-14 13:28:24 0000 ------- 
Full NO and closing.