833950 – (CVE-2022-25643) <sys-auth/seatd-0.6.4: Vulnerability in seatd-launch executable

Bug 833950 (CVE-2022-25643) - <sys-auth/seatd-0.6.4: Vulnerability in seatd-launch executable

Summary: <sys-auth/seatd-0.6.4: Vulnerability in seatd-launch executable

Status:	RESOLVED FIXED

Alias:	CVE-2022-25643

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://lists.sr.ht/~kennylevinsen/se...
Whiteboard:	C3 [noglsa]
Keywords:	SECURITY

Depends on:	834032
Blocks:
	Show dependency tree

Reported:	2022-02-23 23:03 UTC by Haelwenn (lanodan) Monnier
Modified:	2022-02-25 22:53 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Haelwenn (lanodan) Monnier 2022-02-23 23:03:35 UTC

> vulnerability in seatd-launch shipped as part of seatd release 0.6.0, 0.6.1,
> 0.6.2 and 0.6.3.
> The vulnerability was fixed in seatd release 0.6.4.

> If seatd-launch had the SUID bit set, this could be used by a malicious 
> user to remove files with the privileges of the owner of seatd-launch, 
> which is likely root, and replace it with a user-owned domain socket.

seatd-launch isn't with the SUID bit set in gentoo package but users are very likely to set it to effectively use it without being root.

seatd-0.6.4 is already in ::gentoo but seatd-0.6.2-r1 and 0.6.3 need to be cleared and the latter has been stabilized.

Comment 1 John Helmert III archtester

2022-02-24 20:36:40 UTC

Thanks, please stabilize 0.6.4!

Comment 2 Larry the Git Cow gentoo-dev

2022-02-25 15:46:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2311f91b8a0186879719473701e34a6351c0c5fd

commit 2311f91b8a0186879719473701e34a6351c0c5fd
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2022-02-25 15:46:11 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2022-02-25 15:46:43 +0000

    sys-auth/seatd: drop 0.5.0, 0.5.0-r1, 0.6.2-r1
    
    Bug: https://bugs.gentoo.org/833950
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 sys-auth/seatd/Manifest              |  2 --
 sys-auth/seatd/seatd-0.5.0-r1.ebuild | 53 ---------------------------------
 sys-auth/seatd/seatd-0.5.0.ebuild    | 48 ------------------------------
 sys-auth/seatd/seatd-0.6.2-r1.ebuild | 57 ------------------------------------
 4 files changed, 160 deletions(-)

Comment 3 Arthur Zamarin archtester

2022-02-25 15:47:33 UTC

I have done partial cleanup, and opened stabilization bug for 0.6.4

Thanks!

Comment 4 Larry the Git Cow gentoo-dev

2022-02-25 21:03:42 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fb3060f47319e243bc983fd3b89bb7d6c505d0

commit 06fb3060f47319e243bc983fd3b89bb7d6c505d0
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2022-02-25 21:03:26 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2022-02-25 21:03:26 +0000

    sys-auth/seatd: drop 0.6.3
    
    Bug: https://bugs.gentoo.org/833950
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 sys-auth/seatd/Manifest           |  1 -
 sys-auth/seatd/seatd-0.6.3.ebuild | 57 ---------------------------------------
 2 files changed, 58 deletions(-)

Comment 5 John Helmert III archtester

2022-02-25 22:52:52 UTC

Thanks! This vulnerability isn't triggerable via a default installation of seatd, so no GLSA. All done!