| Summary: | mail-filter/assp: root privilege escalation through user-owned daemon | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jesse, patrick, treecleaner |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B1 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Michael Orlitzky
2017-08-31 11:49:01 UTC
@Maintainer please call for stabilization when ready.

@mjo was this reported upstream? It would be good to request a CVE for this issue if possible too.

Thank you,
Gentoo Security Padawan
ChrisADR

Our ebuild does,

  # Lock down the files/data
  fowners assp:assp -R /usr/share/assp

so I don't think it's an upstream issue, but you'd have to dig through their build system to rule it out.

(In reply to Michael Orlitzky from comment #2)
> Our ebuild does,
>
> # Lock down the files/data
> fowners assp:assp -R /usr/share/assp
>
> so I don't think it's an upstream issue, but you'd have to dig through their
> build system to rule it out.

Thank you for the clarification.

@Maintainer please call for stabilization when necessary.

Gentoo Security Padawan
ChrisADR

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0ebfbc763961a1a7b5c7adbdc53fc370870df4f

commit d0ebfbc763961a1a7b5c7adbdc53fc370870df4f
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-12-01 18:22:34 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-12-01 18:23:02 +0000

    mail-filter/assp: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/629442
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 mail-filter/assp/Manifest | 3 -
 mail-filter/assp/assp-1.8.5.9.ebuild | 178 ------------------------------
 mail-filter/assp/assp-1.9.4.9.ebuild | 179 -------------------------------
 mail-filter/assp/assp-1.9.8.13030.ebuild | 179 -------------------------------
 mail-filter/assp/files/asspd.init | 21 ----
 mail-filter/assp/metadata.xml | 25 -----
 profiles/package.mask | 5 -
 7 files changed, 590 deletions(-)