Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 606652 (CVE-2016-10151, CVE-2016-10152) - net-dns/hesiod: two flaws permitting privilege elevation (CVE-2016-{10151,10152})
Summary: net-dns/hesiod: two flaws permitting privilege elevation (CVE-2016-{10151,101...
Status: RESOLVED FIXED
Alias: CVE-2016-10151, CVE-2016-10152
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on: 626242 626246 626248 626250
Blocks: EAPI2Removal
  Show dependency tree
 
Reported: 2017-01-21 00:05 UTC by Thomas Deutschmann
Modified: 2018-05-02 23:53 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2017-01-21 00:05:46 UTC
# Weak SUID check allowing privilege elevation

Hesiod unsafely checks EUID vs UID in a few places, consulting
environment variables for configuration if they match.  This could be
used for privilege elevation under some circumstances.  The fix uses
secure_getenv() in place of getenv().

Upstream bug:

https://github.com/achernya/hesiod/pull/9

Upstream patch:

https://github.com/achernya/hesiod/commit/39b21dac9bc6473365de04d94be0da94941c7c73



# Use of hard-coded DNS domain if configuration file cannot be read

If opening the configuration file fails, hesiod falls back on a default
domain ".athena.mit.edu" to retrieve managed information.  A local
attacker with the opportunity to poison DNS cache could potentially
elevate their privileges to root by causing fopen() to fail.

Upstream bug:

https://github.com/achernya/hesiod/pull/10

Upstream patch:

https://github.com/achernya/hesiod/commit/247e2ce1f2aff40040657acaae7f1a1d673d6618
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-01-21 00:10:06 UTC
CC'ing TreeCleaner project:

Package has no maintainer, latest upstream release from 2013. It has some dependencies on hesiod USE flag. Let's see what comes first, a patched ebuild or the cleaners.
Comment 2 Pacho Ramos gentoo-dev 2018-04-29 17:20:17 UTC
removed
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-05-02 23:53:24 UTC
This issue was resolved and addressed in
 GLSA 201805-01 at https://security.gentoo.org/glsa/201805-01
by GLSA coordinator Aaron Bauman (b-man).