public inbox for cygwin-announce@cygwin.com
* CVE-2016-3067: network privilege escalation in Cygwin set(e)uid
@ 2016-04-19 19:39 Yaakov Selkowitz
From: Yaakov Selkowitz @ 2016-04-19 19:39 UTC
  To: cygwin-announce

In versions of Cygwin prior to 2.5.0, a process which switched user 
contexts on a system where neither the Cygwin LSA module was enabled 
nor the user's password stored on it with 'passwd -R' would retain the 
network credentials of the original user context even after switching. 
In the case of system services, such as a user who logged into a 
Cygwin SSHD or a command run from a cronjob, this would allow access to 
network shares to which the system service account (normally 
'cyg_server', which is in the Administrators group) has access but to 
which the user would otherwise be denied.

This issue was reported[1][2] by David Willis on 2016-Feb-08 and a fix 
committed[3] to the upstream repository by Corinna Vinschen on 
2016-Feb-18.  The fix was first included in the 2.5.0-0.4 test release 
on the same day[4] and in the 2.5.0-1 stable release which shipped[5] on 
2016-Apr-11.

Red Hat Product Security has assigned CVE-2016-3067 for this issue.

[1] https://cygwin.com/ml/cygwin/2016-02/msg00101.html
[2] https://cygwin.com/ml/cygwin/2016-02/msg00129.html and thread
[3] https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044
[4] https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html
[5] https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html

-- 
Yaakov
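
Added example (not part of the original announcement and not Cygwin project code): a POSIX shell check that decides from a `uname -r` style release string whether a Cygwin DLL predates the fixed 2.5.0 release. The function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cygwin project code. Release strings below are constructed.
# "predates 2.5.0" means the fix is absent; per the advisory the issue applies
# only when neither the Cygwin LSA module nor 'passwd -R' is in use.

# Print the leading dotted version of a `uname -r` style string,
# e.g. "2.4.1(0.293/5/3)" -> "2.4.1"; prints nothing if none is found.
cygwin_dll_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Exit status: 0 = older than 2.5.0, 1 = 2.5.0 or newer, 2 = unparsable.
cygwin_predates_fix() {
    ver=$(cygwin_dll_version "$1")
    [ -n "$ver" ] || return 2
    old_ifs=$IFS
    IFS=.
    set -- $ver          # split "2.10.0" into the numeric fields 2 10 0
    IFS=$old_ifs
    major=${1:-0}
    minor=${2:-0}
    [ "$major" -lt 2 ] && return 0
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -lt 5 ] && return 0
    return 1             # 2.5.0 carries the fix, so 2.5 and later pass
}

report() {
    rc=0
    cygwin_predates_fix "$1" || rc=$?
    case $rc in
        0) echo "$1: predates 2.5.0, fix for CVE-2016-3067 absent" ;;
        1) echo "$1: 2.5.0 or later, fix present" ;;
        *) echo "$1: version not recognised" ;;
    esac
}

# Constructed samples; 2.10.0 must compare numerically, not as a string.
for sample in '1.7.35(0.287/5/3)' '2.4.1(0.293/5/3)' \
              '2.5.0(0.297/5/3)' '2.10.0(0.325/5/3)' 'unknown'; do
    report "$sample"
done

# On a real Cygwin host, check the running DLL as well.
case $(uname -s) in
    CYGWIN*) report "$(uname -r)" ;;
esac
```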
