[Bugs] [Bug 13278] New: [CVE 21] multipath-tools 0.8.9 CVEs found

bugzilla bugzilla at rosalinux.ru
Wed May 3 17:00:51 MSK 2023


https://bugzilla.rosalinux.ru/show_bug.cgi?id=13278

          Platform: 2021.1
            Bug ID: 13278
           Summary: [CVE 21] multipath-tools 0.8.9 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2022-41973, CVE-2022-41974,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs at lists.rosalinux.ru
          Reporter: y.tumanov at rosalinux.ru
        QA Contact: bugs at lists.rosalinux.ru
                CC: s.matveev at rosalinux.ru, y.tumanov at rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package multipath-tools version 0.8.9

INFO (CVEs are): multipath-tools 0.8.9 CVEs found

CVE-2022-41973
Desc: multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to
obtain root access, as exploited in conjunction with CVE-2022-41974. Local
users able to access /dev/shm can change symlinks in multipathd due to
incorrect symlink handling, which could lead to controlled file writes outside
of the /dev/shm directory. This could be used indirectly for local privilege
escalation to root.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41973
Severity: HIGH

CVE-2022-41974
Desc: multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to
obtain root access, as exploited alone or in conjunction with CVE-2022-41973.
Local users able to write to UNIX domain sockets can bypass access controls and
manipulate the multipath setup. This can lead to local privilege escalation to
root. This occurs because an attacker can repeat a keyword, which is mishandled
because arithmetic ADD is used instead of bitwise OR.
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-41974
Severity: HIGH
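The flag-accumulation defect that the CVE-2022-41974 description names (arithmetic ADD used instead of bitwise OR when a keyword is repeated), shown in a constructed toy keyword parser added here; this is not code from multipath-tools, and the keyword names, flag bits and policy check are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy flag layout (assumption, not multipath-tools'): each keyword
 * maps to one bit, and a privileged flag sits one bit above an unprivileged one. */
enum { FLAG_VERBOSE = 1 << 0, FLAG_RESTRICTED = 1 << 1 };

static unsigned keyword_bit(const char *kw) {
    if (strcmp(kw, "verbose") == 0) return FLAG_VERBOSE;
    if (strcmp(kw, "restricted") == 0) return FLAG_RESTRICTED;
    return 0; /* unknown keyword contributes nothing */
}

/* Parse a space-separated keyword list into a flag word.
 * use_add == 1 reproduces the defect class: bits are accumulated with '+', so a
 * keyword given twice carries into the next (possibly privileged) bit.
 * use_add == 0 is the fix: bitwise OR makes repetition idempotent. */
unsigned parse_flags(const char *line, int use_add) {
    char buf[256];
    unsigned flags = 0;
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        unsigned bit = keyword_bit(tok);
        if (use_add) flags += bit; else flags |= bit;
    }
    return flags;
}

/* Policy check a caller would apply before acting on the request: does the
 * parsed word carry the restricted flag that only a privileged sender may set? */
int requests_restricted(unsigned flags) { return (flags & FLAG_RESTRICTED) != 0; }

int main(void) {
    const char *req = "verbose verbose"; /* constructed input: an allowed keyword, repeated */
    printf("ADD: flags=0x%x restricted=%d\n", parse_flags(req, 1), requests_restricted(parse_flags(req, 1)));
    printf("OR : flags=0x%x restricted=%d\n", parse_flags(req, 0), requests_restricted(parse_flags(req, 0)));
    return 0;
}
```

With ADD the repeated keyword yields 0x2 and the policy check wrongly sees the restricted flag; with OR it yields 0x1 and the check passes correctly.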
