RunIt CHPST Privilege Escalation Vulnerability
BID:17179
Info
RunIt CHPST Privilege Escalation Vulnerability
| Bugtraq ID: | 17179 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 21 2006 12:00AM |
| Updated: | Mar 21 2006 10:24PM |
| Credit: | Tino Keitel <[email protected]> discovered this issue. |
| Vulnerable: |
Gerrit Pape runit 1.4 Gerrit Pape runit 1.3.x Gerrit Pape runit 1.2.x Gerrit Pape runit 1.0.x Gerrit Pape runit 0.x Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: |
Gerrit Pape runit 1.4.1 |
Discussion
RunIt CHPST Privilege Escalation Vulnerability
Runit is susceptible to a local privilege-escalation vulnerability. This issue is due to a flaw in the 'chpst' utility that results in programs gaining unintended, elevated group privileges.
This issue will have varying consequences depending on the nature of programs executed by the affected utility. Attackers exploiting latent vulnerabilities in applications may gain access to elevated group privileges.
Runit versions prior to 1.4.1 are affected by this issue. This affects only packages that are compiled with 16-bit gid_t types (such as when compiled with dietlibc).
Runit is susceptible to a local privilege-escalation vulnerability. This issue is due to a flaw in the 'chpst' utility that results in programs gaining unintended, elevated group privileges.
This issue will have varying consequences depending on the nature of programs executed by the affected utility. Attackers exploiting latent vulnerabilities in applications may gain access to elevated group privileges.
Runit versions prior to 1.4.1 are affected by this issue. This affects only packages that are compiled with 16-bit gid_t types (such as when compiled with dietlibc).
Exploit / POC
RunIt CHPST Privilege Escalation Vulnerability
An exploit is not required to directly trigger this issue. However, exploiting latent vulnerabilities in applications that are executed with elevated privileges may require an exploit.
An exploit is not required to directly trigger this issue. However, exploiting latent vulnerabilities in applications that are executed with elevated privileges may require an exploit.
Solution / Fix
RunIt CHPST Privilege Escalation Vulnerability
Solution:
The vendor has released version 1.4.1 of runit to address this issue.
Debian GNU/Linux has released fixed packages of runit. Please see the referenced Debian bug report for further information.
Gerrit Pape runit 1.3.x
Gerrit Pape runit 0.x
Gerrit Pape runit 1.0.x
Gerrit Pape runit 1.2.x
Gerrit Pape runit 1.4
Solution:
The vendor has released version 1.4.1 of runit to address this issue.
Debian GNU/Linux has released fixed packages of runit. Please see the referenced Debian bug report for further information.
Gerrit Pape runit 1.3.x
-
Gerrit Pape runit-1.4.1.tar.gz
http://smarden.org/runit/runit-1.4.1.tar.gz
Gerrit Pape runit 0.x
-
Gerrit Pape runit-1.4.1.tar.gz
http://smarden.org/runit/runit-1.4.1.tar.gz
Gerrit Pape runit 1.0.x
-
Gerrit Pape runit-1.4.1.tar.gz
http://smarden.org/runit/runit-1.4.1.tar.gz
Gerrit Pape runit 1.2.x
-
Gerrit Pape runit-1.4.1.tar.gz
http://smarden.org/runit/runit-1.4.1.tar.gz
Gerrit Pape runit 1.4
-
Gerrit Pape runit-1.4.1.tar.gz
http://smarden.org/runit/runit-1.4.1.tar.gz
References
RunIt CHPST Privilege Escalation Vulnerability
References:
References:
- Accepted runit 1.4.1-1 (source i386) (Gerrit Pape
- Debian Bug report logs - #356016 (Debian)
- Runit Home Page (Gerrit Pape)