michael orlitzky

CVE-2017-14730: app-admin/logstash-bin root privilege escalation via init script

posted 2017-09-25

Product

Gentoo Linux app-admin/logstash-bin package

Versions affected

app-admin/logstash-bin-5.4.3-r1 and earlier

Published on

2017-09-25

Fixed in

versions 5.5.3 and 5.6.1, commits bbd6cb3 and 18f97c8

Bug report

https://bugs.gentoo.org/628558

Pull request

https://github.com/gentoo/gentoo/pull/5665

MITRE

CVE-2017-14730

Acknowledgements

Tomáš Mózes and Ferenc Erki (the maintainers) for fixing the vulnerability

Summary

The Gentoo app-admin/logstash-bin package before version 5.5.3 allows its local unprivileged user to gain root by creating a hard link in a directory on which >chown is called recursively by the OpenRC service script.

Details

The full details, exploit, and mitigation are discussed in my article, End root chowning now (make /etc/init.d great again).