Saturday, 25 July 2015

Red Hat Patches Vulnerability That Gave Local Users Root Privileges


Red Hat has released security updates for two vulnerabilities that allowed a local user to modify the /etc/passwd file and gain root privileges. The vulnerabilities are in the libuser library, which is present by default on all Red Hat-derived Linux distributions.

During an internal investigation, security company Qualys discovered several libuser-related vulnerabilities. The first vulnerability is present in "userhelper" and allows a local user to edit the /etc/passwd file. This could be used to cause a local denial of service. Qualys does not rule out that a local user could use it to gain root privileges on the system, but the company did not manage to build an exploit that achieves this. It did succeed with a second vulnerability in libuser itself, which allows a local user to gain root privileges.

Red Hat released updates for the vulnerabilities yesterday, after being informed in advance. However, there is commotion about Qualys's publication. The company reportedly published information about the vulnerabilities, including exploits, before users could deploy the Red Hat updates. This led to discussion on the oss-sec mailing list and Reddit.
