Vigil@nce - Linux kernel: privilege not lost via chown
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who receives, via chown(), a file that previously
belonged to another user obtains a file which potentially still
has privileged attributes.
Impacted products: Linux
Severity: 1/4
Creation date: 19/01/2015
DESCRIPTION OF THE VULNERABILITY
The chown() function changes the owner of a file.
This function also resets the suid and sgid bits. However, the
capabilities (setcap) and extended attributes are not reset.
An attacker who receives, via chown(), a file that previously
belonged to another user therefore obtains a file which
potentially still has privileged attributes.
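The following audit script is an added example, not part of the Vigil@nce bulletin: run before a file is handed to another user, it separates the privileged state that chown() resets (suid, sgid) from the state the bulletin says is left in place (file capabilities and other extended attributes), and decodes the security.capability value. The function names and the capability-name subset are choices made for this example.

```python
import os
import stat
import struct
import sys

# Subset of capability bit numbers from linux/capability.h; other bits print as cap_<n>.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID", 7: "CAP_SETUID",
             10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW",
             21: "CAP_SYS_ADMIN"}
PAIRS = {1: 1, 2: 2, 3: 2}  # vfs_cap_data revision -> count of 32-bit (permitted, inheritable) pairs


def decode_file_caps(raw):
    """Decode a security.capability value (little-endian struct vfs_cap_data)."""
    (magic,) = struct.unpack_from("<I", raw)
    revision = magic >> 24
    if revision not in PAIRS:
        raise ValueError(f"unknown capability revision {revision}")
    permitted = 0
    for i in range(PAIRS[revision]):
        (word,) = struct.unpack_from("<I", raw, 4 + 8 * i)  # permitted word of pair i
        permitted |= word << (32 * i)
    names = [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (permitted >> b) & 1]
    return {"revision": revision, "effective": bool(magic & 1), "permitted": names}


def survivors_of_chown(mode, xattrs):
    """Per the bulletin: suid/sgid are reset by chown(), capabilities and xattrs are not."""
    reset = [n for bit, n in ((stat.S_ISUID, "suid"), (stat.S_ISGID, "sgid")) if mode & bit]
    kept = {name: decode_file_caps(val) if name == "security.capability" else len(val)
            for name, val in xattrs.items()}
    return reset, kept


def audit_path(path):
    """Read mode and xattrs of a real file (Linux only) and classify them."""
    st = os.lstat(path)
    names = os.listxattr(path, follow_symlinks=False)
    xattrs = {n: os.getxattr(path, n, follow_symlinks=False) for n in names}
    return survivors_of_chown(st.st_mode, xattrs)


if __name__ == "__main__":
    for p in sys.argv[1:]:
        reset, kept = audit_path(p)
        print(f"{p}: reset by chown={reset} left in place={kept}")
```

Anything reported as left in place has to be removed explicitly before the ownership change, for example with `setcap -r FILE` for file capabilities.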
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-privilege-not-lost-via-chown-15997