Bug#812512: [Pkg-utopia-maintainers] Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

2024-02-25 Thread Alban Browaeys
On Sun, 13 Jun 2021 17:10:59 -0700 argv minus one wrote: > On Sun, Jun 13, 2021, 6:14 AM Michael Biebl wrote: > > > Hm, I'm not seeing a patch there. Do you maybe have link to this kernel > > patch? > > > > No, sorry. The existence of such a patch is implied by [1], and there was > an unsuccess

Bug#812512: [Pkg-utopia-maintainers] Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

2021-06-13 Thread argv minus one
On Sun, Jun 13, 2021, 6:14 AM Michael Biebl wrote: > Hm, I'm not seeing a patch there. Do you maybe have link to this kernel > patch? > No, sorry. The existence of such a patch is implied by [1], and there was an unsuccessful attempt to merge such a patch into upstream Linux [2], but that's all

Bug#812512: [Pkg-utopia-maintainers] Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

2021-06-13 Thread Michael Biebl
Am 13.06.2021 um 04:24 schrieb argv minus one: Upstream has decided not to fix this vulnerability [1]. Apparently they're using a Linux kernel patch that makes TIOCSTI require CAP_SYS_ADMIN [2] [2] https://bugzilla.redhat.com/show_bug.cgi?id=1299955#c1

Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

2021-06-12 Thread argv minus one
Upstream has decided not to fix this vulnerability [1]. Apparently they're using a Linux kernel patch that makes TIOCSTI require CAP_SYS_ADMIN [2], making this vulnerability impossible to exploit, but the Debian kernel sources don't seem to contain such a capability check, so polkit on Debian is st

Bug#812512: pkexec tty hijacking via TIOCSTI ioctl - CVE-2016-2568

2016-06-07 Thread Adam Maris
CVE (CVE-2016-2568) for this issue was already assigned here: http://seclists.org/oss-sec/2016/q1/443 Regards, -- Adam Mariš, Red Hat Product Security 1CCD 3446 0529 81E3 86AF 2D4C 4869 76E7 BEF0 6BC2

Bug#812512: pkexec tty hijacking via TIOCSTI ioctl

2016-01-24 Thread up201407890
Package: policykit-1 Version: all Severity: important File: /usr/bin/pkexec When executing a program via "pkexec --user nonpriv program" the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing privilege es