Package: core-network
Version: 4.8-1
Severity: critical
Tags: security
Justification: root security hole

This bug was found and reported by asaladin on OFTC #debian. As he has yet to report a bug, I'm reporting it for him.

Steps to reproduce:
1. Start core-gui as a normal user.
2. Create a host from the toolbar on the left.
3. Start the session using the green button on the toolbar.
4. Double-click on the host.

Now you get a root shell. I've tested it by adding a line to /etc/passwd and by creating a file in /root/.

The bug is most probably in core-network-daemon, as that is the only part that runs as root. The bug should be exploitable without using the GUI, but I do not know enough about core-network to try to reproduce it using the command-line tools.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages core-network depends on:
ii  core-network-daemon  4.8-1
ii  core-network-gui     4.8-1

core-network recommends no packages.

Versions of packages core-network suggests:
ii  tcpdump  4.7.4-1

-- no debconf information

-- 
Marius Gavrilescu