FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1cd565da-455e-41b7-a5b9-86ad8e81e33e	seatd-launch -- remove files with escalated privileges with SUID Kenny Levinsen reports: seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked and replaced with a user-owned seatd socket for the duration of the session. If seatd-launch had the SUID bit set, this could be used by a malicious user to remove files with the privileges of the owner of seatd-launch, which is likely root, and replace it with a user-owned domain socket. This does not directly allow retrieving the contents of existing files, and the user-owned socket file is at the current time not believed to be directly useful for further exploitation. Discovery 2022-02-21 Entry 2022-02-21 Modified 2022-02-22 seatd ge 0.6.0 lt 0.6.4 https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E CVE-2022-25643

VuXML ID

Description

1cd565da-455e-41b7-a5b9-86ad8e81e33e

seatd-launch -- remove files with escalated privileges with SUID

Kenny Levinsen reports:

seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked and replaced with a user-owned seatd socket for the duration of the session.

If seatd-launch had the SUID bit set, this could be used by a malicious user to remove files with the privileges of the owner of seatd-launch, which is likely root, and replace it with a user-owned domain socket.

This does not directly allow retrieving the contents of existing files, and the user-owned socket file is at the current time not believed to be directly useful for further exploitation.

Discovery 2022-02-21
Entry 2022-02-21
Modified 2022-02-22
seatd

ge 0.6.0 lt 0.6.4

https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
CVE-2022-25643