CVE-2011-1011

Description

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

Affected products

• RedHat / enterprise_linux3 – 3
• RedHat / enterprise_linux4 – 4
• RedHat / enterprise_linux5 – 5
• RedHat / enterprise_linux6.0 – 6.0
• RedHat / fedora6 – 6
• RedHat / fedora7 – 7
• RedHat / fedora8 – 8
• RedHat / fedora9 – 9
• RedHat / fedora10 – 10
• RedHat / fedora12 – 12
• RedHat / fedora13 – 13
• RedHat / fedora14 – 14
• RedHat / policycoreutils1.20 – 1.20
• RedHat / policycoreutils1.21.1 – 1.21.1
• RedHat / policycoreutils1.21.2 – 1.21.2
• RedHat / policycoreutils1.21.3 – 1.21.3
• RedHat / policycoreutils1.21.4 – 1.21.4
• RedHat / policycoreutils1.21.5 – 1.21.5
• RedHat / policycoreutils1.21.6 – 1.21.6
• RedHat / policycoreutils1.21.7 – 1.21.7
• RedHat / policycoreutils1.21.8 – 1.21.8
• RedHat / policycoreutils1.21.9 – 1.21.9
• RedHat / policycoreutils1.21.10 – 1.21.10
• RedHat / policycoreutils1.21.11 – 1.21.11
• RedHat / policycoreutils1.21.12 – 1.21.12
• RedHat / policycoreutils1.21.13 – 1.21.13
• RedHat / policycoreutils1.21.14 – 1.21.14
• RedHat / policycoreutils1.21.15 – 1.21.15
• RedHat / policycoreutils1.21.16 – 1.21.16
• RedHat / policycoreutils1.21.17 – 1.21.17
• RedHat / policycoreutils1.21.18 – 1.21.18
• RedHat / policycoreutils1.21.19 – 1.21.19
• RedHat / policycoreutils1.21.20 – 1.21.20
• RedHat / policycoreutils1.21.21 – 1.21.21
• RedHat / policycoreutils1.21.22 – 1.21.22
• RedHat / policycoreutils1.22 – 1.22
• RedHat / policycoreutils1.23.1 – 1.23.1
• RedHat / policycoreutils1.23.2 – 1.23.2
• RedHat / policycoreutils1.23.3 – 1.23.3
• RedHat / policycoreutils1.23.4 – 1.23.4
• RedHat / policycoreutils1.23.5 – 1.23.5
• RedHat / policycoreutils1.23.6 – 1.23.6
• RedHat / policycoreutils1.23.7 – 1.23.7
• RedHat / policycoreutils1.23.8 – 1.23.8
• RedHat / policycoreutils1.23.9 – 1.23.9
• RedHat / policycoreutils1.23.10 – 1.23.10
• RedHat / policycoreutils1.23.11 – 1.23.11
• RedHat / policycoreutils1.24 – 1.24
• RedHat / policycoreutils1.25.1 – 1.25.1
• RedHat / policycoreutils1.25.2 – 1.25.2
• RedHat / policycoreutils1.25.3 – 1.25.3
• RedHat / policycoreutils1.25.4 – 1.25.4
• RedHat / policycoreutils1.25.5 – 1.25.5
• RedHat / policycoreutils1.25.6 – 1.25.6
• RedHat / policycoreutils1.25.7 – 1.25.7
• RedHat / policycoreutils1.25.8 – 1.25.8
• RedHat / policycoreutils1.25.9 – 1.25.9
• RedHat / policycoreutils1.26 – 1.26
• RedHat / policycoreutils1.27.1 – 1.27.1
• RedHat / policycoreutils1.27.2 – 1.27.2
• RedHat / policycoreutils1.27.3 – 1.27.3
• RedHat / policycoreutils1.27.4 – 1.27.4
• RedHat / policycoreutils1.27.5 – 1.27.5
• RedHat / policycoreutils1.27.6 – 1.27.6
• RedHat / policycoreutils1.27.7 – 1.27.7
• RedHat / policycoreutils1.27.8 – 1.27.8
• RedHat / policycoreutils1.27.9 – 1.27.9
• RedHat / policycoreutils1.27.10 – 1.27.10
• RedHat / policycoreutils1.27.11 – 1.27.11
• RedHat / policycoreutils1.27.12 – 1.27.12
• RedHat / policycoreutils1.27.13 – 1.27.13
• RedHat / policycoreutils1.27.14 – 1.27.14
• RedHat / policycoreutils1.27.15 – 1.27.15
• RedHat / policycoreutils1.27.16 – 1.27.16
• RedHat / policycoreutils1.27.17 – 1.27.17
• RedHat / policycoreutils1.27.18 – 1.27.18
• RedHat / policycoreutils1.27.19 – 1.27.19
• RedHat / policycoreutils1.27.20 – 1.27.20
• RedHat / policycoreutils1.27.21 – 1.27.21
• RedHat / policycoreutils1.27.22 – 1.27.22
• RedHat / policycoreutils1.27.23 – 1.27.23
• RedHat / policycoreutils1.27.24 – 1.27.24
• RedHat / policycoreutils1.27.25 – 1.27.25
• RedHat / policycoreutils1.27.26 – 1.27.26
• RedHat / policycoreutils1.27.27 – 1.27.27
• RedHat / policycoreutils1.27.28 – 1.27.28
• RedHat / policycoreutils1.27.29 – 1.27.29
• RedHat / policycoreutils1.27.30 – 1.27.30
• RedHat / policycoreutils1.27.31 – 1.27.31
• RedHat / policycoreutils1.27.32 – 1.27.32
• RedHat / policycoreutils1.27.33 – 1.27.33
• RedHat / policycoreutils1.27.34 – 1.27.34
• RedHat / policycoreutils1.27.35 – 1.27.35
• RedHat / policycoreutils1.27.36 – 1.27.36
• RedHat / policycoreutils1.27.37 – 1.27.37
• RedHat / policycoreutils1.28 – 1.28
• RedHat / policycoreutils1.29.1 – 1.29.1
• RedHat / policycoreutils1.29.2 – 1.29.2
• RedHat / policycoreutils1.29.3 – 1.29.3
• RedHat / policycoreutils1.29.4 – 1.29.4
• RedHat / policycoreutils1.29.5 – 1.29.5
• RedHat / policycoreutils1.29.6 – 1.29.6
• RedHat / policycoreutils1.29.7 – 1.29.7
• RedHat / policycoreutils1.29.8 – 1.29.8
• RedHat / policycoreutils1.29.9 – 1.29.9
• RedHat / policycoreutils1.29.10 – 1.29.10
• RedHat / policycoreutils1.29.11 – 1.29.11
• RedHat / policycoreutils1.29.12 – 1.29.12
• RedHat / policycoreutils1.29.13 – 1.29.13
• RedHat / policycoreutils1.29.14 – 1.29.14
• RedHat / policycoreutils1.29.15 – 1.29.15
• RedHat / policycoreutils1.29.16 – 1.29.16
• RedHat / policycoreutils1.29.17 – 1.29.17
• RedHat / policycoreutils1.29.18 – 1.29.18
• RedHat / policycoreutils1.29.19 – 1.29.19
• RedHat / policycoreutils1.29.20 – 1.29.20
• RedHat / policycoreutils1.29.21 – 1.29.21
• RedHat / policycoreutils1.29.22 – 1.29.22
• RedHat / policycoreutils1.29.23 – 1.29.23
• RedHat / policycoreutils1.29.24 – 1.29.24
• RedHat / policycoreutils1.29.25 – 1.29.25
• RedHat / policycoreutils1.29.26 – 1.29.26
• RedHat / policycoreutils1.29.27 – 1.29.27
• RedHat / policycoreutils1.29.28 – 1.29.28
• RedHat / policycoreutils1.30 – 1.30
• RedHat / policycoreutils1.30.1 – 1.30.1
• RedHat / policycoreutils1.30.2 – 1.30.2
• RedHat / policycoreutils1.30.3 – 1.30.3
• RedHat / policycoreutils1.30.4 – 1.30.4
• RedHat / policycoreutils1.30.5 – 1.30.5
• RedHat / policycoreutils1.30.6 – 1.30.6
• RedHat / policycoreutils1.30.7 – 1.30.7
• RedHat / policycoreutils1.30.8 – 1.30.8
• RedHat / policycoreutils1.30.9 – 1.30.9
• RedHat / policycoreutils1.30.10 – 1.30.10
• RedHat / policycoreutils1.30.11 – 1.30.11
• RedHat / policycoreutils1.30.12 – 1.30.12
• RedHat / policycoreutils1.30.13 – 1.30.13
• RedHat / policycoreutils1.30.14 – 1.30.14
• RedHat / policycoreutils1.30.15 – 1.30.15
• RedHat / policycoreutils1.30.16 – 1.30.16
• RedHat / policycoreutils1.30.17 – 1.30.17
• RedHat / policycoreutils1.30.18 – 1.30.18
• RedHat / policycoreutils1.30.19 – 1.30.19
• RedHat / policycoreutils1.30.20 – 1.30.20
• RedHat / policycoreutils1.30.21 – 1.30.21
• RedHat / policycoreutils1.30.22 – 1.30.22
• RedHat / policycoreutils1.30.23 – 1.30.23
• RedHat / policycoreutils1.30.24 – 1.30.24
• RedHat / policycoreutils1.30.25 – 1.30.25
• RedHat / policycoreutils1.30.26 – 1.30.26
• RedHat / policycoreutils1.30.27 – 1.30.27
• RedHat / policycoreutils1.30.28 – 1.30.28
• RedHat / policycoreutils1.30.29 – 1.30.29
• RedHat / policycoreutils1.30.30 – 1.30.30
• RedHat / policycoreutils1.30.31 – 1.30.31
• RedHat / policycoreutils1.32 – 1.32
• RedHat / policycoreutils1.33.1 – 1.33.1
• RedHat / policycoreutils1.33.2 – 1.33.2
• RedHat / policycoreutils1.33.3 – 1.33.3
• RedHat / policycoreutils1.33.4 – 1.33.4
• RedHat / policycoreutils1.33.5 – 1.33.5
• RedHat / policycoreutils1.33.6 – 1.33.6
• RedHat / policycoreutils1.33.7 – 1.33.7
• RedHat / policycoreutils1.33.8 – 1.33.8
• RedHat / policycoreutils1.33.9 – 1.33.9
• RedHat / policycoreutils1.33.10 – 1.33.10
• RedHat / policycoreutils1.33.11 – 1.33.11
• RedHat / policycoreutils1.33.12 – 1.33.12
• RedHat / policycoreutils1.33.13 – 1.33.13
• RedHat / policycoreutils1.33.14 – 1.33.14
• RedHat / policycoreutils1.33.15 – 1.33.15
• RedHat / policycoreutils1.33.16 – 1.33.16
• RedHat / policycoreutils1.34.0 – 1.34.0
• RedHat / policycoreutils1.34.1 – 1.34.1
• RedHat / policycoreutils2.0.0 – 2.0.0
• RedHat / policycoreutils2.0.1 – 2.0.1
• RedHat / policycoreutils2.0.2 – 2.0.2
• RedHat / policycoreutils2.0.3 – 2.0.3
• RedHat / policycoreutils2.0.4 – 2.0.4
• RedHat / policycoreutils2.0.5 – 2.0.5
• RedHat / policycoreutils2.0.6 – 2.0.6
• RedHat / policycoreutils2.0.7 – 2.0.7
• RedHat / policycoreutils2.0.8 – 2.0.8
• RedHat / policycoreutils2.0.9 – 2.0.9
• RedHat / policycoreutils2.0.10 – 2.0.10
• RedHat / policycoreutils2.0.11 – 2.0.11
• RedHat / policycoreutils2.0.12 – 2.0.12
• RedHat / policycoreutils2.0.13 – 2.0.13
• RedHat / policycoreutils2.0.14 – 2.0.14
• RedHat / policycoreutils2.0.15 – 2.0.15
• RedHat / policycoreutils2.0.16 – 2.0.16
• RedHat / policycoreutils2.0.17 – 2.0.17
• RedHat / policycoreutils2.0.18 – 2.0.18
• RedHat / policycoreutils2.0.19 – 2.0.19
• RedHat / policycoreutils2.0.20 – 2.0.20
• RedHat / policycoreutils2.0.21 – 2.0.21
• RedHat / policycoreutils2.0.22 – 2.0.22
• RedHat / policycoreutils2.0.23 – 2.0.23
• RedHat / policycoreutils2.0.24 – 2.0.24
• RedHat / policycoreutils2.0.25 – 2.0.25
• RedHat / policycoreutils2.0.26 – 2.0.26
• RedHat / policycoreutils2.0.27 – 2.0.27
• RedHat / policycoreutils2.0.28 – 2.0.28
• RedHat / policycoreutils2.0.29 – 2.0.29
• RedHat / policycoreutils2.0.30 – 2.0.30
• RedHat / policycoreutils2.0.31 – 2.0.31
• RedHat / policycoreutils2.0.32 – 2.0.32
• RedHat / policycoreutils2.0.33 – 2.0.33
• RedHat / policycoreutils2.0.34 – 2.0.34
• RedHat / policycoreutils2.0.35 – 2.0.35
• RedHat / policycoreutils2.0.36 – 2.0.36
• RedHat / policycoreutils2.0.37 – 2.0.37
• RedHat / policycoreutils2.0.38 – 2.0.38
• RedHat / policycoreutils2.0.39 – 2.0.39
• RedHat / policycoreutils2.0.40 – 2.0.40
• RedHat / policycoreutils2.0.41 – 2.0.41
• RedHat / policycoreutils2.0.42 – 2.0.42
• RedHat / policycoreutils2.0.43 – 2.0.43
• RedHat / policycoreutils2.0.44 – 2.0.44
• RedHat / policycoreutils2.0.45 – 2.0.45
• RedHat / policycoreutils2.0.46 – 2.0.46
• RedHat / policycoreutils2.0.47 – 2.0.47
• RedHat / policycoreutils2.0.48 – 2.0.48
• RedHat / policycoreutils2.0.49 – 2.0.49
• RedHat / policycoreutils2.0.50 – 2.0.50
• RedHat / policycoreutils2.0.51 – 2.0.51
• RedHat / policycoreutils2.0.52 – 2.0.52
• RedHat / policycoreutils2.0.53 – 2.0.53
• RedHat / policycoreutils2.0.54 – 2.0.54
• RedHat / policycoreutils2.0.55 – 2.0.55
• RedHat / policycoreutils2.0.56 – 2.0.56
• RedHat / policycoreutils2.0.57 – 2.0.57
• RedHat / policycoreutils2.0.58 – 2.0.58
• RedHat / policycoreutils2.0.59 – 2.0.59
• RedHat / policycoreutils2.0.60 – 2.0.60
• RedHat / policycoreutils2.0.83
• RedHat / policycoreutils2.0.62 – 2.0.62
• RedHat / policycoreutils2.0.63 – 2.0.63
• RedHat / policycoreutils2.0.64 – 2.0.64
• RedHat / policycoreutils2.0.65 – 2.0.65
• RedHat / policycoreutils2.0.66 – 2.0.66
• RedHat / policycoreutils2.0.67 – 2.0.67
• RedHat / policycoreutils2.0.68 – 2.0.68
• RedHat / policycoreutils2.0.69 – 2.0.69
• RedHat / policycoreutils2.0.70 – 2.0.70
• RedHat / policycoreutils2.0.71 – 2.0.71
• RedHat / policycoreutils2.0.72 – 2.0.72
• RedHat / policycoreutils2.0.73 – 2.0.73
• RedHat / policycoreutils2.0.74 – 2.0.74
• RedHat / policycoreutils2.0.75 – 2.0.75
• RedHat / policycoreutils2.0.76 – 2.0.76
• RedHat / policycoreutils2.0.77 – 2.0.77
• RedHat / policycoreutils2.0.78 – 2.0.78
• RedHat / policycoreutils2.0.79 – 2.0.79
• RedHat / policycoreutils2.0.80 – 2.0.80
• RedHat / policycoreutils2.0.81 – 2.0.81
• RedHat / policycoreutils2.0.82 – 2.0.82
• RedHat / policycoreutils2.0.61 – 2.0.61
• RedHat / policycoreutils1.0 – 1.0
• RedHat / policycoreutils1.1 – 1.1
• RedHat / policycoreutils1.2 – 1.2
• RedHat / policycoreutils1.4 – 1.4
• RedHat / policycoreutils1.6 – 1.6
• RedHat / policycoreutils1.8 – 1.8
• RedHat / policycoreutils1.10 – 1.10
• RedHat / policycoreutils1.12 – 1.12
• RedHat / policycoreutils1.14 – 1.14
• RedHat / policycoreutils1.16 – 1.16
• RedHat / policycoreutils1.18 – 1.18

References

• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=633544
• VENDOR_ADVISORYhttp://secunia.com/advisories/44034
• MISChttp://archives.neohapsis.com/archives/fulldisclosure/2011-02/0585.html
• MISChttp://www.securitytracker.com/id?1025291
• MISChttp://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git%3Ba=blob%3Bf=policycoreutils-rhat.patch%3Bh=d4db5bc06027de23d12a4b3f18fa6f9b1517df27%3Bhb=HEAD#l2197
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/65641
• VENDOR_ADVISORYhttp://secunia.com/advisories/43844
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0701
• MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056227.html
• MISChttp://www.redhat.com/support/errata/RHSA-2011-0414.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0864
• MISChttp://www.securityfocus.com/bid/46510
• MAILING_LISThttp://openwall.com/lists/oss-security/2011/02/23/1
• VENDOR_ADVISORYhttp://secunia.com/advisories/43415
• MAILING_LISThttp://openwall.com/lists/oss-security/2011/02/23/2