941922 – (CVE-2024-42028) <net-wireless/unifi-8.5.6: local privilege escalation vulnerability

Bug 941922 (CVE-2024-42028) - <net-wireless/unifi-8.5.6: local privilege escalation vulnerability

Summary: <net-wireless/unifi-8.5.6: local privilege escalation vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2024-42028

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://community.ui.com/releases/Sec...
Whiteboard:	B1 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2024-10-21 10:55 UTC by Conrad Kostecki
Modified:	2024-11-06 12:59 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Conrad Kostecki gentoo-dev

2024-10-21 10:55:27 UTC

A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.


Affected Products:
UniFi Network Application (Version 8.4.62 and earlier) .

Mitigation:
Update UniFi Network Application to Version 8.5.6 or later.

Comment 1 Larry the Git Cow gentoo-dev

2024-10-21 10:59:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf2b0e628845e1efb50dd6eaf0d4d04ae5f8ce55

commit bf2b0e628845e1efb50dd6eaf0d4d04ae5f8ce55
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2024-10-21 10:59:17 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2024-10-21 10:59:21 +0000

    net-wireless/unifi: drop 6.5.55-r2, 7.5.187, 8.3.32, 8.4.62
    
    Bug: https://bugs.gentoo.org/941922
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/Manifest               |   4 --
 net-wireless/unifi/unifi-6.5.55-r2.ebuild | 103 ----------------------------
 net-wireless/unifi/unifi-7.5.187.ebuild   | 109 ------------------------------
 net-wireless/unifi/unifi-8.3.32.ebuild    | 109 ------------------------------
 net-wireless/unifi/unifi-8.4.62.ebuild    | 109 ------------------------------
 5 files changed, 434 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd53e944de301788692fe0e6efbd52f06ba24802

commit cd53e944de301788692fe0e6efbd52f06ba24802
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2024-10-21 10:58:34 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2024-10-21 10:58:34 +0000

    net-wireless/unifi: amd64 stable
    
    Bug: https://bugs.gentoo.org/941922
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-wireless/unifi/unifi-8.5.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 2 Larry the Git Cow gentoo-dev

2024-11-06 12:58:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8457507055b402a1f245017489ef4c70e24f724a

commit 8457507055b402a1f245017489ef4c70e24f724a
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-11-06 12:57:53 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-11-06 12:58:12 +0000

    [ GLSA 202411-03 ] Ubiquiti UniFi: Privilege Escalation
    
    Bug: https://bugs.gentoo.org/941922
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202411-03.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)