Hi,

On Tue, Sep 22, 2015 at 10:29:10AM +0300, Marius Gavrilescu wrote:
> 
> Package: core-network
> Version: 4.8-1
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> This bug was found and reported by asaladin on OFTC #debian. As he has
> yet to report a bug, I'm reporting it for him.
> 
> Steps to reproduce:
> 1. Start core-gui as a normal user.
> 2. Create a host from the toolbar on the left.
> 3. Start the session using the green button on the toolbar.
> 4. Double-click on the host
> 
> Now you get a root shell. I've tested it by adding a line to /etc/passwd
> and by creating a file in /root/.
> 
> The bug is most probably in core-network-daemon, as that is the only
> part that runs as root. The bug should be exploitable without using the
> GUI, but I do not know enough about core-network to try to reproduce it
> using the command-line tools.

So this thread on the upstream discussion list
http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
mentions this as known.

Gut feeling: should core-network maybe be removed from stable and
possibly as well from unstable for stretch given the above?

Regards,
Salvatore
