Bug 462172 (CVE-2013-1858) - Kernel : CLONE_NEWUSER | CLONE_FS chroot exploit (CVE-2013-1858)
Summary: Kernel : CLONE_NEWUSER | CLONE_FS chroot exploit (CVE-2013-1858)
Status: RESOLVED FIXED
Alias: CVE-2013-1858
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: [linux >=3.8.0 <3.8.3] [linux >=3.9-r...
Reported: 2013-03-18 09:13 UTC by Agostino Sarubbo
Modified: 2022-03-25 15:08 UTC (History)
Description Agostino Sarubbo gentoo-dev 2013-03-18 09:13:21 UTC
From $URL :

Linux kernels which support unprivileged user namespaces (CLONE_NEWUSER) and at the same time allow sharing file system information (CLONE_FS) between parent process and its newly clone(2)d child process in the new user namespace, are vulnerable to a privilege escalation flaw as presented by Sebastian Krahmer in his chroot exploit [1].

  [1] http://stealth.openwall.net/xSports/clown-newuser.c

An unprivileged local user could use this flaw to gain root privileges on a system.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/e66eded8309ebf679d3d3c1f5820d1f2ca332c71

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2013/03/13/8
Comment 1 Adrian Bassett 2013-03-18 10:00:18 UTC
The fix is already in 3.8.3 ...
Comment 2 kfm 2013-03-26 01:24:37 UTC
I'm defining the affected vanilla versions in the whiteboard field.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-04-11 16:59:28 UTC
CVE-2013-1858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1858):
  The clone system-call implementation in the Linux kernel before 3.8.3 does
  not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags,
  which allows local users to gain privileges by calling chroot and leveraging
  the sharing of the / directory between a parent process and a child process.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:08:01 UTC
Fixed in 3.8.3.
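
A patch-verification probe for the flag combination named in the CVE text, added here as an example (not code from the bug report or the kernel tree). It relies on the upstream fix making clone() refuse CLONE_NEWUSER together with CLONE_FS with EINVAL; the names `classify`, `probe_clone_newuser_fs` and the verdict enum are hypothetical, and the raw clone argument order assumed is that of x86-64 and arm64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_FS */
#include <signal.h>        /* SIGCHLD */
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical verdict names for this added example. */
enum verdict { FLAGS_REJECTED, FLAGS_ACCEPTED, INCONCLUSIVE };

/* Map the clone() outcome (0 on success, otherwise errno) to a verdict. */
enum verdict classify(int err)
{
    if (err == 0)
        return FLAGS_ACCEPTED;   /* combination allowed: fix is absent */
    if (err == EINVAL)
        return FLAGS_REJECTED;   /* refused: fix present, or no user namespace support */
    return INCONCLUSIVE;         /* EPERM, ENOSYS, ...: stopped before the flag check */
}

/* Ask the kernel for a child in a new user namespace that shares fs info. */
enum verdict probe_clone_newuser_fs(void)
{
    /* Raw clone with a NULL stack behaves like fork(): the child resumes here. */
    long pid = syscall(SYS_clone,
                       (unsigned long)(CLONE_NEWUSER | CLONE_FS | SIGCHLD),
                       0UL, 0UL, 0UL, 0UL);
    if (pid == 0)
        _exit(0);                /* child: exit at once, do nothing else */
    if (pid < 0)
        return classify(errno);
    waitpid((pid_t)pid, NULL, 0);  /* reap the child */
    return classify(0);
}

int main(void)
{
    static const char *msg[] = {
        "rejected (EINVAL): fix present or user namespaces not built in",
        "accepted: kernel lacks the fix, update to 3.8.3 or later",
        "inconclusive: call blocked for another reason (seccomp, sysctl, old kernel)",
    };
    puts(msg[probe_clone_newuser_fs()]);
    return 0;
}
```

Run it as an unprivileged user; an "inconclusive" result says nothing about the fix and should be followed by checking the kernel version against the range in the whiteboard field.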