 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.870663 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Update for policycoreutils RHSA-2011:0414-01 |
| Summary: | The remote host is missing an update for the 'policycoreutils'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'policycoreutils' package(s) announced via the referenced advisory. Vulnerability Insight: The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. A local user could use this flaw to overwrite files or, possibly, execute arbitrary code with the privileges of a setuid or setgid application that relies on proper /tmp/ permissions, by running that application via seunshare. (CVE-2011-1011) Red Hat would like to thank Tavis Ormandy for reporting this issue. This update also introduces the following changes: * The seunshare utility was moved from the main policycoreutils subpackage to the policycoreutils-sandbox subpackage. This utility is only required by the sandbox feature and does not need to be installed by default. * Updated selinux-policy packages that add the SELinux policy changes required by the seunshare fixes. All policycoreutils users should upgrade to these updated packages, which correct this issue. Affected Software/OS: policycoreutils on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1011 1025291 http://www.securitytracker.com/id?1025291 20110222 Developers should not rely on the stickiness of /tmp on Red Hat Linux http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html 43415 http://secunia.com/advisories/43415 43844 http://secunia.com/advisories/43844 44034 http://secunia.com/advisories/44034 46510 http://www.securityfocus.com/bid/46510 ADV-2011-0701 http://www.vupen.com/english/advisories/2011/0701 ADV-2011-0864 http://www.vupen.com/english/advisories/2011/0864 FEDORA-2011-3043 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html RHSA-2011:0414 http://www.redhat.com/support/errata/RHSA-2011-0414.html [oss-security] 20110222 CVE Request http://openwall.com/lists/oss-security/2011/02/23/1 [oss-security] 20110223 Re: CVE Request http://openwall.com/lists/oss-security/2011/02/23/2 http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197 https://bugzilla.redhat.com/show_bug.cgi?id=633544 policycoreutils-seunshare-symlink(65641) https://exchange.xforce.ibmcloud.com/vulnerabilities/65641 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |