Vulnerability in the facter software package

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-45
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Facter: Privilege escalation
Date: December 26, 2014
Bugs: #514476
ID: 201412-45

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

An untrusted search path vulnerability in Facter could lead to local
privilege escalation.

Background
==========

Facter is a cross-platform Ruby library for retrieving facts from
operating systems.

Affected packages
=================

-------------------------------------------------------------------
     Package          /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  dev-ruby/facter        < 1.7.6              >= 1.7.6

Description
===========

Facter includes the current working directory in the search path.
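
A check for the condition described above, as an added example (not code from Gentoo or the Facter project): it flags entries of a search path that resolve to the current working directory. Treating the path as a Ruby $LOAD_PATH or PATH-style list is an assumption, the function names are hypothetical, and the sample path is constructed.

```ruby
require 'pathname'

# Classify one search-path entry. Returns a reason string when the entry
# can resolve to the current working directory, or nil when it cannot.
def cwd_risk(entry, cwd = Dir.pwd)
  return 'empty entry (resolves to cwd)' if entry.nil? || entry.empty?
  path = Pathname.new(entry)
  return 'relative entry (resolved against cwd)' if path.relative?
  return 'absolute entry equal to cwd' if path.cleanpath == Pathname.new(cwd).cleanpath
  nil
end

# Audit a whole search path; returns [[entry, reason], ...] for risky entries.
def audit_search_path(entries, cwd = Dir.pwd)
  entries.map { |e| [e, cwd_risk(e, cwd)] }.reject { |_, why| why.nil? }
end

# Constructed sample: a search path as seen by a process started in /tmp/work.
SAMPLE_CWD  = '/tmp/work'
SAMPLE_PATH = ['/usr/lib/ruby/site_ruby', '.', '', 'lib',
               '/tmp/work/', '/usr/lib/ruby/1.9.1'].freeze

if __FILE__ == $PROGRAM_NAME
  audit_search_path(SAMPLE_PATH, SAMPLE_CWD).each do |entry, why|
    puts "#{entry.inspect}: #{why}"
  end
  # The same check against this interpreter's own load path and PATH.
  # The -1 limit keeps trailing empty PATH entries, which also mean cwd.
  env_path = ENV.fetch('PATH', '').split(File::PATH_SEPARATOR, -1)
  puts "$LOAD_PATH findings: #{audit_search_path($LOAD_PATH).inspect}"
  puts "PATH findings: #{audit_search_path(env_path).inspect}"
end
```

Any finding means a file placed in the directory a privileged process is started from can be picked up ahead of the intended one.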

Impact
======

A local attacker may be able to gain escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Facter users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/facter-1.7.6"

References
==========

[ 1 ] CVE-2014-3248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3248

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-45.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

