Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 606652 (CVE-2016-10151, CVE-2016-10152)

Summary: net-dns/hesiod: two flaws permitting privilege elevation (CVE-2016-{10151,10152})
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: maintainer-needed, slawomir.nizio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/01/20/3
See Also: https://bugs.gentoo.org/show_bug.cgi?id=628622
Whiteboard: B1 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 626242, 626246, 626248, 626250    
Bug Blocks: 648050    

Description Thomas Deutschmann gentoo-dev Security 2017-01-21 00:05:46 UTC
# Weak SUID check allowing privilege elevation

Hesiod unsafely checks EUID vs UID in a few places, consulting
environment variables for configuration if they match.  This could be
used for privilege elevation under some circumstances.  The fix uses
secure_getenv() in place of getenv().

Upstream bug:

https://github.com/achernya/hesiod/pull/9

Upstream patch:

https://github.com/achernya/hesiod/commit/39b21dac9bc6473365de04d94be0da94941c7c73



# Use of hard-coded DNS domain if configuration file cannot be read

If opening the configuration file fails, hesiod falls back on a default
domain ".athena.mit.edu" to retrieve managed information.  A local
attacker with the opportunity to poison DNS cache could potentially
elevate their privileges to root by causing fopen() to fail.

Upstream bug:

https://github.com/achernya/hesiod/pull/10

Upstream patch:

https://github.com/achernya/hesiod/commit/247e2ce1f2aff40040657acaae7f1a1d673d6618
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-01-21 00:10:06 UTC
CC'ing TreeCleaner project:

Package has no maintainer, latest upstream release from 2013. It has some dependencies on hesiod USE flag. Let's see what comes first, a patched ebuild or the cleaners.
Comment 2 Pacho Ramos gentoo-dev 2018-04-29 17:20:17 UTC
removed
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-05-02 23:53:24 UTC
This issue was resolved and addressed in
 GLSA 201805-01 at https://security.gentoo.org/glsa/201805-01
by GLSA coordinator Aaron Bauman (b-man).