runit uidgid.h privilege escalation
| runit-uidgid-privilege-escalation (25419) |  High Risk |
Description:
runit is a Unix init scheme with service supervision. runit version 1.3.3 running on x86 platforms could allow a local attacker to gain elevated privileges, caused by an error in uidgid.h. If the chpst is compiled against the dietlibc library, when chpst is used to set the permissions of a process using the -u option with multiple group names, the uidgid.h incorrectly changes to the root group.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of runit (1.4.1 or later), available from the runit Web site. See References.
References:
- Debian Bug report logs - #356016: chpst: setting of multiple groups using -u is broken.
- runit Web site: runit - a UNIX init scheme with service supervision.
- BID-17179: RunIt CHPST Privilege Escalation Vulnerability
- CVE-2006-1319: chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
- SA19323: RunIt "chpst" Multiple Groups Handling Security Issue
Platforms Affected:
- Gerrit Pape runit 1.3.3
Reported:
Mar 22, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net