seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/67341 | vdb entry |
| http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html | vendor advisory |
| http://openwall.com/lists/oss-security/2014/05/08/1 | mailing list |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | |
| http://advisories.mageia.org/MGASA-2014-0251.html | |
| http://secunia.com/advisories/59007 | third party advisory |
| http://rhn.redhat.com/errata/RHSA-2015-0864.html | vendor advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:156 | vendor advisory |
| http://openwall.com/lists/oss-security/2014/04/30/4 | mailing list |
| http://openwall.com/lists/oss-security/2014/04/29/7 | mailing list |