drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in ecryptfs-utils
Name: |
Ausführen von Code mit höheren Privilegien in ecryptfs-utils |
|
ID: |
DSA-3450-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy, Debian jessie |
|
Datum: |
Mi, 20. Januar 2016, 23:22 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1572 |
|
Applikationen: |
eCryptfs |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3450-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 20, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : ecryptfs-utils CVE ID : CVE-2016-1572
Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.
For the oldstable distribution (wheezy), this problem has been fixed in version 99-1+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 103-5+deb8u1.
We recommend that you upgrade your ecryptfs-utils packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJWn6/mAAoJEAVMuPMTQ89EV4sQAIVM6CfIxSMuwdGbHZZ8Qa9O sm20+i0NTNAq9xnCS0F4js9YblgqdtWE8NUII/+fQtN9wfRT+TU7kxnTfnWFiiDt qOsGZE5hquOVAtlRRwcjCUlzyyv5T96cPdg8I7tsCS6S1eZUq2NdEkxl09XBA8m4 SXSJRX4ZGwkt7Aon5ohQGiLREmSf1NgWXyfYakQ1oD30J3CbL2I+mBgfcZ98s4cu 7Y0w3kTXMnaDyuzf/v2XuGm8bfJNCmt1yu86ZVnNUREvQ5ANXsyyAX+ra6I0nkMD 8LzqFuq5riabw0ouOsZ5yLo2YmKe+594MF4n1a59C04ysbk+mNop9PIxWCmGsOPK 2YyUbCyqJLg9h0uw8AMCKEPZnKKi/wJXR5AcW4lKgloT87NYOVUB9KI6G4a4JbDf 8yt2AOchzvvwKs1daPaj9OCH6PzVYqSKiAbL6AGpUQkl26QYXiMB07wVXID+xLY4 rGHqeW2PGYDrHuwj9M6GdWQq+y5/JkgXXJQk7dlGdajF7/cmpMYiMPrJ1/9crGxP BxUJsSqYF1GORbr1fTEQDfiaeuzPc6WNu2YPjzWTNAdfmAxvhpMZNans8yXPXN0G fJ/MrBpRcHOLYlKlLKby7M8r7c9+r2FbkgA8rsage4qYga0uE1UqQZ7+kSruRvGY XFYNo3wxy0eK+RmqthLx =VFgC -----END PGP SIGNATURE-----
|
|
|
|