Bug 951333 (CVE-2025-1390) - sys-libs/libcap: Possible privilege escalation with "@"-prefixed groups
Summary: sys-libs/libcap: Possible privilege escalation with "@"-prefixed groups
Status: IN_PROGRESS
Alias: CVE-2025-1390
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: C2 [upstream/ebuild]
Reported: 2025-03-14 11:29 UTC by Sam James
Modified: 2025-03-14 11:29 UTC

Runtime testing required: ---

Description: Sam James (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2025-03-14 11:29:14 UTC
"The PAM module pam_cap.so of libcap configuration supports group names starting with “@”; during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in non-intended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames."

https://web.git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
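The following C is an added model of the token-matching rule the description refers to; it is not libcap's pam_cap.c and not the upstream fix. It contrasts the behaviour the CVE text attributes to the flaw (a non-"@" token also compared as a group name) with the intended rule (the "@" prefix alone decides whether a token is a group or a user); the identity data is constructed for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Added model, not libcap's pam_cap.c: one capability.conf token is matched
 * against a user. Identity data here is constructed for the example. */
struct identity {
    const char *user;
    const char **groups;   /* NULL-terminated list of group names */
};

static bool in_group(const struct identity *id, const char *group)
{
    for (const char **g = id->groups; *g != NULL; g++)
        if (strcmp(*g, group) == 0)
            return true;
    return false;
}

/* Flawed rule as the CVE text describes it: a token without "@" is compared
 * as a user name and also as a group name. */
bool token_grants_flawed(const char *tok, const struct identity *id)
{
    if (strcmp(tok, "*") == 0)
        return true;
    if (tok[0] == '@')
        return in_group(id, tok + 1);
    return strcmp(tok, id->user) == 0 || in_group(id, tok);
}

/* Intended rule: the "@" prefix alone decides which namespace is consulted. */
bool token_grants_fixed(const char *tok, const struct identity *id)
{
    if (strcmp(tok, "*") == 0)
        return true;
    if (tok[0] == '@')                     /* group entry */
        return tok[1] != '\0' && in_group(id, tok + 1);
    return strcmp(tok, id->user) == 0;     /* user entry: never a group lookup */
}

/* Constructed scenario: "mallory" is a user who belongs to a group called
 * "alice". Returns whether the given rule grants mallory the capabilities of
 * a config line carrying the token tok. */
bool mallory_granted(const char *tok,
                     bool (*rule)(const char *, const struct identity *))
{
    static const char *groups[] = {"mallory", "alice", NULL};
    struct identity mallory = {"mallory", groups};
    return rule(tok, &mallory);
}
```

With the flawed rule, a line meant only for the user "alice" also grants mallory; the fixed rule grants mallory only through "@alice", her own name, or "*".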