CVE-2017-14484: sci-mathematics/gimps root privilege escalation via init script
posted 2017-09-15
- Product
-
Gentoo Linux
sci-mathematics/gimps
package
- Versions affected
-
sci-mathematics/gimps-28.10 and earlier
- Published on
- 2017-09-15
- Bug report
-
https://bugs.gentoo.org/603408
- MITRE
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14484
- Acknowledgements
-
Paolo Pedroni for fixing it, and Christopher Díaz for the CVE
Summary
The Gentoo sci-mathematics/gimps package before 28.10-r1 allows
local users to gain root privileges by creating a hard link under
/var/lib/gimps, because an unsafe chown
-R
command is executed whenever the service is started.
Details
The full details, exploit, and mitigation are discussed in my
article, End
root chowning now (make /etc/init.d great again).