[Secure-testing-team] Bug#688007: monkey: Fails to drop supplemental groups when lowering privileges
John Lightsey
lightsey at debian.org
Tue Sep 18 03:59:37 UTC 2012
Package: monkey
Version: 0.9.3-1
Severity: grave
Tags: security
Justification: user security hole
Monkey webserver fails to drop supplemental groups when lowering privileges.
This allows any local user on the system to read any fine that root's
supplemental
groups can access. Monkey does perform a filesystem access check to make sure
that its EUID/EGID can access the target file, but this check is subject to
TOCTOU flaws.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list