Bug#973245: openrc: CVE-2018-21269: checkpath root privilege escalation following non-terminal symlinks

Moritz Mühlenhoff Thu, 06 May 2021 10:45:18 -0700

Am Sun, Jan 10, 2021 at 12:34:35AM +0100 schrieb Moritz Mühlenhoff:
> Am Tue, Oct 27, 2020 at 08:53:28PM +0100 schrieb Salvatore Bonaccorso:
> > Source: openrc
> > Version: 0.42-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/OpenRC/openrc/issues/201
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> > <t...@security.debian.org>
> > Control: found -1 0.40.3-1
> > 
> > 
> > CVE-2018-21269[0]:
> > | checkpath in OpenRC through 0.42.1 might allow local users to take
> > | ownership of arbitrary files because a non-terminal path component can
> > | be a symlink.
> 
> This got fixed in
> https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335


*ping*, can we get that fixed in bullseye?

Cheers,
        Moritz

Bug#973245: openrc: CVE-2018-21269: checkpath root privilege escalation following non-terminal symlinks

Reply via email to