aboutsummaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2013-07-19 02:42:03 -0400
committerCarlos O'Donell <carlos@redhat.com>2013-07-21 15:39:55 -0400
commite4608715e6e1dd2adc91982fd151d5ba4f761d69 (patch)
tree04bc13d3736e14045f0f9fc37e0303a067f943cf /NEWS
parentda2d62df77de66e5de5755228759f8bc18481871 (diff)
downloadglibc-e4608715e6e1dd2adc91982fd151d5ba4f761d69.zip
glibc-e4608715e6e1dd2adc91982fd151d5ba4f761d69.tar.gz
glibc-e4608715e6e1dd2adc91982fd151d5ba4f761d69.tar.bz2
CVE-2013-2207, BZ #15755: Disable pt_chown.
The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS9
1 files changed, 8 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index c39157d..4b2d5ca 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,14 @@ Version 2.18
15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488,
15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583,
- 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711.
+ 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755.
+
+* CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal
+ has been fixed by disabling the use of pt_chown (Bugzilla #15755).
+ Distributions can re-enable building and using pt_chown via the new configure
+ option `--enable-pt_chown'. Enabling the use of pt_chown carries with it
+ considerable security risks and should only be used if the distribution
+ understands and accepts the risks.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).