Executive Summary
Summary | |
---|---|
Title | policycoreutils security update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0414 | First vendor Publication | 2011-04-04 |
Vendor | RedHat | Last vendor Modification | 2011-04-04 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated policycoreutils packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. A local user could use this flaw to overwrite files or, possibly, execute arbitrary code with the privileges of a setuid or setgid application that relies on proper /tmp/ permissions, by running that application via seunshare. (CVE-2011-1011) Red Hat would like to thank Tavis Ormandy for reporting this issue. This update also introduces the following changes: * The seunshare utility was moved from the main policycoreutils subpackage to the policycoreutils-sandbox subpackage. This utility is only required by the sandbox feature and does not need to be installed by default. * Updated selinux-policy packages that add the SELinux policy changes required by the seunshare fixes. All policycoreutils users should upgrade to these updated packages, which correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 633544 - CVE-2011-1011 policycoreutils: insecure temporary directory handling in seunshare |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0414.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21423 | |||
Oval ID: | oval:org.mitre.oval:def:21423 | ||
Title: | RHSA-2011:0414: policycoreutils security update (Important) | ||
Description: | The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0414-01 CVE-2011-1011 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | policycoreutils selinux-policy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23059 | |||
Oval ID: | oval:org.mitre.oval:def:23059 | ||
Title: | ELSA-2011:0414: policycoreutils security update (Important) | ||
Description: | The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0414-01 CVE-2011-1011 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | policycoreutils selinux-policy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27195 | |||
Oval ID: | oval:org.mitre.oval:def:27195 | ||
Title: | DEPRECATED: ELSA-2011-0414 -- policycoreutils security update (important) | ||
Description: | policycoreutils: [2.0.83-19.8] - Fix seunshare to work with /tmp content when SELinux context is not provided Resolves: #679689 [2.0.83-19.7] - put back correct chcon - Latest fixes for seunshare [2.0.83-19.6] - Fix rsync command to work if the directory is old. - Fix all tests Resolves: #679689 [2.0.83-19.5] - Add requires rsync and fix man page for seunshare [2.0.83-19.4] - fix to sandbox - Fix seunshare to use more secure handling of /tmp - Rewrite seunshare to make sure /tmp is mounted stickybit owned by root - Change to allow sandbox to run on nfs homedirs, add start python script - change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_* - Move seunshare to sandbox package - Fix sandbox to show correct types in usage statement selinux-policy: [3.7.19-54.0.1.el6_0.5] - Allow ocfs2 to be mounted with file_t type. [3.7.19-54.el6_0.5] - seunshare needs to be able to mounton nfs/cifs/fusefs homedirs Resolves: #684918 [3.7.19-54.el6_0.4] - Fix to sandbox * selinux-policy fixes for policycoreutils sandbox changes - Fix seunshare to use more secure handling of /tmp - Change to allow sandbox to run on nfs homedirs, add start python script | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0414 CVE-2011-1011 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | policycoreutils selinux-policy |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-06 | Name : RedHat Update for policycoreutils RHSA-2011:0414-01 File : nvt/gb_RHSA-2011_0414-01_policycoreutils.nasl |
2011-03-24 | Name : Fedora Update for policycoreutils FEDORA-2011-3043 File : nvt/gb_fedora_2011_3043_policycoreutils_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72541 | Red Hat policycoreutils seunshare sandbox/seunshare.c seunshare_mount Functio... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0414.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110404_policycoreutils_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0414.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3043.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:33 |
|