Candidate: CVE-2014-3215
PublicDate: 2014-05-08 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3215
 http://openwall.com/lists/oss-security/2014/05/08/1
 http://openwall.com/lists/oss-security/2014/04/30/4
 http://openwall.com/lists/oss-security/2014/04/29/7
Description:
 seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions,
 and executes programs in a way that changes the relationship between the
 setuid system call and the getresuid saved set-user-ID value, which makes
 it easier for local users to gain privileges by leveraging a program that
 mistakenly expected that it could permanently drop privileges.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Andy Lutomirski
Assigned-to:
CVSS: 

Patches_policycoreutils:
upstream_policycoreutils: needed
lucid_policycoreutils: ignored (reached end-of-life)
precise_policycoreutils: ignored (reached end-of-life)
precise/esm_policycoreutils: DNE (precise was needed)
quantal_policycoreutils: not-affected
saucy_policycoreutils: not-affected
trusty_policycoreutils: not-affected
trusty/esm_policycoreutils: not-affected
utopic_policycoreutils: not-affected
vivid_policycoreutils: not-affected
vivid/stable-phone-overlay_policycoreutils: DNE
vivid/ubuntu-core_policycoreutils: DNE
wily_policycoreutils: not-affected
xenial_policycoreutils: not-affected
yakkety_policycoreutils: not-affected
zesty_policycoreutils: not-affected
devel_policycoreutils: not-affected