Bug 610802 (CVE-2017-2616) - [TRACKER] su: user can send SIGKILL with root privileges to other processes (CVE-2017-2616)
Summary: [TRACKER] su: user can send SIGKILL with root privileges to other processes (...
Status: RESOLVED FIXED
Alias: CVE-2017-2616
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on: 610664 610804
Blocks:
Reported: 2017-02-24 12:24 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-07-15 22:59 UTC

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-24 12:24:03 UTC
If su is compiled with PAM support, it is possible for any local user to send SIGKILL to other processes with root privileges. To exploit this, the user must be able to perform su with a successful login. This does NOT have to be the root user; even using su with the same id is enough, e.g. "su $(whoami)". SIGKILL can only be sent to processes which were executed after the su process. It is not possible to send SIGKILL to processes which were already running.