** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Utopic)
Status: New => Fix Committed
** Changed in: linux-lts-raring (Ubuntu Precise)
Status: New => Fix Committed
** Description changed:
- The internal function inode_capable was used inappropriately. Depending
- on configuration, this may be usable to escalate privileges. A cursory
- inspection of my Fedora box suggests that it is not vulnerable to the
- obvious way to exploit this bug.
+ The capabilities implementation in the Linux kernel before 3.14.8 does
+ not properly consider that namespaces are inapplicable to inodes, which
+ allows local users to bypass intended chmod restrictions by first
+ creating a user namespace, as demonstrated by setting the setgid bit on
+ a file with group ownership of root.
Break-Fix: - 23adbe12ef7d3d4195e80800ab36b37bee28cd03
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329103
Title:
CVE-2014-4014
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1329103/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
