Debian Bug report logs - #478133
linux-patch-grsecurity2: CVE-2008-1940 security restriction bypass

Reported by: Nico Golde <nion@debian.org>

Date: Sun, 27 Apr 2008 12:57:02 UTC

Severity: grave

Tags: security

Fixed in version linux-patch-grsecurity2/2.1.11+2.6.24.5+200804211829-1

Done: Laszlo Boszormenyi (GCS) <gcs@debian.hu>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.hu>:
Bug#478133; Package linux-patch-grsecurity2.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: linux-patch-grsecurity2: CVE-2008-1940 security restriction bypass
Date: Sun, 27 Apr 2008 14:53:07 +0200
Package: linux-patch-grsecurity2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-patch-grsecurity2.


CVE-2008-1940[0]:
| The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and
| 2.1.11-2.4.36.2 does not enforce user_transition_deny and
| user_transition_allow rules for the (1) sys_setfsuid and (2)
| sys_setfsgid calls, which allows local users to bypass restrictions
| for those calls.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1940
    http://security-tracker.debian.net/tracker/CVE-2008-1940

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.hu>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #10 received at 478133-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
To: 478133-close@bugs.debian.org
Subject: Bug#478133: fixed in linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1
Date: Sun, 27 Apr 2008 14:02:10 +0000
Source: linux-patch-grsecurity2
Source-Version: 2.1.11+2.6.24.5+200804211829-1

We believe that the bug you reported is fixed in the latest version of
linux-patch-grsecurity2, which is due to be installed in the Debian FTP archive:

linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
  to pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
  to pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
  to pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
  to pool/main/l/linux-patch-grsecurity2/linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 478133@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.hu> (supplier of updated linux-patch-grsecurity2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Apr 2008 15:39:50 +0200
Source: linux-patch-grsecurity2
Binary: linux-patch-grsecurity2
Architecture: source all
Version: 2.1.11+2.6.24.5+200804211829-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.hu>
Description: 
 linux-patch-grsecurity2 - grsecurity kernel patch - new major upstream version
Closes: 478133
Changes: 
 linux-patch-grsecurity2 (2.1.11+2.6.24.5+200804211829-1) unstable; urgency=high
 .
   * New upstream release, fixing CVE-2008-1940 (closes: #478133).
Checksums-Sha1: 
 7e58d2b85ba29871eb949a0176b36d78adc5a726 1314 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
 b18cddacf77c7f817b82ec86a367fb4da3142ebd 603693 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
 4cfbf0aa9edb309f0b4577cc04661f5c582c7434 18551 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
 cf5385d437ab8ad2a66df5e491f263a9344f40a3 281216 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
Checksums-Sha256: 
 f0be2b171643869c7003c7ddea45bb602585ae15f14150dd15a0415a8b54b52f 1314 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
 20ddc9ff41a269b60e075d761da722c3198644b5befef197b947b2b1a2571964 603693 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
 f85a5f7308edfb4839b3af7205e535502863268623c232ca07d74fd4daeb5291 18551 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
 8dc4875222b5c71a6a6e94e3939d6237b534d5554ac8b1df2f4fe805201e9723 281216 linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb
Files: 
 37f7aeb519527f5483e664e3a31b124f 1314 devel extra linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.dsc
 b768d37f7cf2be5a6e34de4e9496b5b9 603693 devel extra linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829.orig.tar.gz
 917e105ccc4c9d76b9b15dbdbabf157b 18551 devel extra linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1.diff.gz
 5943f0e42161d54d5a322e4b48700b38 281216 devel extra linux-patch-grsecurity2_2.1.11+2.6.24.5+200804211829-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkgUhFoACgkQMDatjqUaT90/TgCgrsfq1ADdYB3DO9WaxkTahFoo
XmsAnA0Ooigb5vVE+3k91uqRS81C3nrS
=fS4Z
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 29 May 2008 07:32:01 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:37:33 2019; Machine Name: buxtehude