Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 833950 (CVE-2022-25643) - <sys-auth/seatd-0.6.4: Vulnerability in seatd-launch executable
Summary: <sys-auth/seatd-0.6.4: Vulnerability in seatd-launch executable
Status: RESOLVED FIXED
Alias: CVE-2022-25643
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://lists.sr.ht/~kennylevinsen/se...
Whiteboard: C3 [noglsa]
Keywords: SECURITY
Depends on: 834032
Blocks:
  Show dependency tree
 
Reported: 2022-02-23 23:03 UTC by Haelwenn (lanodan) Monnier
Modified: 2022-02-25 22:53 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Haelwenn (lanodan) Monnier 2022-02-23 23:03:35 UTC
> vulnerability in seatd-launch shipped as part of seatd release 0.6.0, 0.6.1,
> 0.6.2 and 0.6.3.
> The vulnerability was fixed in seatd release 0.6.4.

> If seatd-launch had the SUID bit set, this could be used by a malicious 
> user to remove files with the privileges of the owner of seatd-launch, 
> which is likely root, and replace it with a user-owned domain socket.

seatd-launch isn't with the SUID bit set in gentoo package but users are very likely to set it to effectively use it without being root.

seatd-0.6.4 is already in ::gentoo but seatd-0.6.2-r1 and 0.6.3 need to be cleared and the latter has been stabilized.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-24 20:36:40 UTC
Thanks, please stabilize 0.6.4!
Comment 2 Larry the Git Cow gentoo-dev 2022-02-25 15:46:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2311f91b8a0186879719473701e34a6351c0c5fd

commit 2311f91b8a0186879719473701e34a6351c0c5fd
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2022-02-25 15:46:11 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2022-02-25 15:46:43 +0000

    sys-auth/seatd: drop 0.5.0, 0.5.0-r1, 0.6.2-r1
    
    Bug: https://bugs.gentoo.org/833950
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 sys-auth/seatd/Manifest              |  2 --
 sys-auth/seatd/seatd-0.5.0-r1.ebuild | 53 ---------------------------------
 sys-auth/seatd/seatd-0.5.0.ebuild    | 48 ------------------------------
 sys-auth/seatd/seatd-0.6.2-r1.ebuild | 57 ------------------------------------
 4 files changed, 160 deletions(-)
Comment 3 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2022-02-25 15:47:33 UTC
I have done partial cleanup, and opened stabilization bug for 0.6.4

Thanks!
Comment 4 Larry the Git Cow gentoo-dev 2022-02-25 21:03:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fb3060f47319e243bc983fd3b89bb7d6c505d0

commit 06fb3060f47319e243bc983fd3b89bb7d6c505d0
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2022-02-25 21:03:26 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2022-02-25 21:03:26 +0000

    sys-auth/seatd: drop 0.6.3
    
    Bug: https://bugs.gentoo.org/833950
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 sys-auth/seatd/Manifest           |  1 -
 sys-auth/seatd/seatd-0.6.3.ebuild | 57 ---------------------------------------
 2 files changed, 58 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-25 22:52:52 UTC
Thanks! This vulnerability isn't triggerable via a default installation of seatd, so no GLSA. All done!