Vigil@nce - libgnomesu: privilege elevation
June 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use /usr/lib/libgnomesu/gnomesu-pam-backend,
in order to elevate his privileges.
Severity: 2/4
Creation date: 06/06/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The setuid() system call is used by a privileged program to change
the current user.
The /usr/lib/libgnomesu/gnomesu-pam-backend suid root program is
used by the "su" command with PAM and Gnome. This program uses
setuid() to change from root to the requested user. However, this
program does not check if the setuid() system call failed. A local
attacker can therefore create this error condition, in order to
force gnomesu-pam-backend to continue running with root privileges.
A local attacker can therefore use /usr/lib/libgnomesu/gnomesu-pam-backend, in order to elevate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libgnomesu-privilege-elevation-10712