michael orlitzky

CVE-2017-14484: sci-mathematics/gimps root privilege escalation via init script

posted 2017-09-15

Product

Gentoo Linux sci-mathematics/gimps package

Versions affected

sci-mathematics/gimps-28.10 and earlier

Published on

2017-09-15

Bug report

https://bugs.gentoo.org/603408

MITRE

CVE-2017-14484

Acknowledgements

Paolo Pedroni for fixing it, and Christopher Díaz for the CVE

Summary

The Gentoo sci-mathematics/gimps package before 28.10-r1 allows local users to gain root privileges by creating a hard link under /var/lib/gimps, because an unsafe chown -R command is executed whenever the service is started.

Details

The full details, exploit, and mitigation are discussed in my article, End root chowning now (make /etc/init.d great again).