Opened 15 years ago

Closed 15 years ago

#3444 closed defect (fixed)

Privilege Escalation

Reported by: Mike Frysinger
Owned by:
Component: other
Version:
Keywords:
Cc:
Guest type: other
Host type: Linux

Description (last modified by Frank Mehnert)

description of this report deleted

Change History (7)

comment:2 by Frank Mehnert, 15 years ago

Description: modified (diff)
Summary: privilege escalation due to DT_RPATH:$ORIGIN and set*id → Privilege Escalation

Thanks for this report, we will fix this ASAP.

comment:3 by Frank Mehnert, 15 years ago

This bug applies only to the Linux .run packages (no other host architecture and no .deb/.rpm package). We replaced the 2.0.6 and 2.1.4 .run packages. You will find the updated builds as well as updated OSE archives at the download page.

A more detailed report will follow.

comment:4 by Mike Frysinger, 15 years ago

OSE seems to encourage $ORIGIN usage too ... at least on Debian systems, apt-get install virtualbox-ose will result in the same issue.

comment:5 by Frank Mehnert, 15 years ago

Right, this will be fixed when generating new packages using the updated OSE 2.1.4 tarball.

comment:6 by Frank Mehnert, 15 years ago

To be more specific, r17168 plus r17169 plus r17171 will fix the problem in OSE builds.

comment:7 by Frank Mehnert, 15 years ago

Btw, Debian/Lenny is not affected as it ships VirtualBox 1.6.6 (without suid binaries).

comment:8 by Frank Mehnert, 15 years ago

Resolution: fixed
Status: new → closed