[manjaro-security] [ASA-202102-8] opendoas: privilege escalation
Remi Gacogne via arch-security
arch-security at lists.archlinux.org
Fri Feb 12 08:03:46 CET 2021
Arch Linux Security Advisory ASA-202102-8
=========================================
Severity: High
Date : 2021-02-06
CVE-ID : CVE-2019-25016
Package : opendoas
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-1504
Summary
=======
The package opendoas before version 6.8.1-2 is vulnerable to privilege
escalation.
Resolution
==========
Upgrade to 6.8.1-2.
# pacman -Syu "opendoas>=6.8.1-2"
The problem has been fixed upstream in version 6.8.1.
Workaround
==========
None.
Description
===========
A security issue has been found in OpenDoas before 6.8.1, where rules
that allowed the user to execute any command would inherit the
executing user's PATH instead of resetting it to a default PATH. Rules
that limit the user to execute only a specific command are not affected
by this and are only executed from the default PATH and with the PATH
environment variable set to the safe default.
Impact
======
A local user might be able to escalate privileges.
References
==========
https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1
https://github.com/Duncaen/OpenDoas/issues/45
https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d.patch
https://gitlab.alpinelinux.org/alpine/aports/-/blob/9e259950190c924b4a17825aad2d7cee87fbd75b/main/doas/reset-path.patch
https://security.archlinux.org/CVE-2019-25016
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20210212/fdd3efe3/attachment.sig>
More information about the manjaro-security
mailing list