CWRedLight
(Date : 23.04.2008 00:49:59)


grsecurity RBAC User Transition Security Issue
Secunia Advisory: SA29899
Release Date: 2008-04-22
Critical: Not critical
Impact: Security Bypass
Where: Local system
Solution Status: Vendor Patch
Software: grsecurity 2.x
Description:
A security issue has been reported in grsecurity, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused by an error in the RBAC system when enforcing the "user_transition_deny" and "user_transition_allow" rules. This can be exploited to bypass the affected rules in calls to "sys_setfsuid()" and "sys_setfsgid()".

The security issue is reported in versions prior to 2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21).

Solution:
Update to 2.1.11-2.6.24.5 (2008-04-21) or 2.1.11-2.4.36.2 (2008-04-21).
http://www.grsecurity.org/download.php
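
To confirm on an updated system that the kernel refuses filesystem-ID changes a role's policy is meant to deny, the following check exercises the two calls the advisory names. It is an added example, not code from Secunia or grsecurity; the program name `fsid_probe` and its command-line arguments are assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid()/setfsgid() report no errors: they always return the previous
 * value. Passing -1 never succeeds, so it reads the current ID. */
uid_t current_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
gid_t current_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Returns 1 if the kernel accepted the fsuid change, 0 if it refused.
 * The original fsuid is restored before returning. */
int fsuid_transition_allowed(uid_t target)
{
    uid_t before = current_fsuid();
    setfsuid(target);
    int allowed = (current_fsuid() == target);
    setfsuid(before);
    return allowed;
}

/* Same check for the filesystem group ID. */
int fsgid_transition_allowed(gid_t target)
{
    gid_t before = current_fsgid();
    setfsgid(target);
    int allowed = (current_fsgid() == target);
    setfsgid(before);
    return allowed;
}

/* Usage (hypothetical name): ./fsid_probe <uid> <gid>
 * Run with CAP_SETUID/CAP_SETGID inside the RBAC role under test, passing
 * IDs its policy should deny. Without those capabilities ordinary Unix
 * permissions refuse the call and the result says nothing about RBAC. */
int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <uid> <gid>\n", argv[0]); return 2; }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    int u = fsuid_transition_allowed(uid);
    int g = fsgid_transition_allowed(gid);
    printf("setfsuid(%lu): %s\n", (unsigned long)uid, u ? "accepted" : "refused");
    printf("setfsgid(%lu): %s\n", (unsigned long)gid, g ? "accepted" : "refused");
    return (u || g) ? 1 : 0;   /* non-zero: a change the policy should deny went through */
}
```

An exit status of 0 means both changes were refused; 1 means at least one was accepted and the kernel or policy needs another look.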

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.grsecurity.org/news.php


Source: http://secunia.com/advisories/29899/