Devuan bug report logs - #268
policykit-1: CVE-2018-19788

Package: policykit-1; Maintainer for policykit-1 is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for policykit-1 is src:policykit-1.

Reported by: Berbe <bernard+devuan@rosset.net>

Date: Fri, 7 Dec 2018 17:48:01 UTC

Severity: critical

Merged with 269

Done: KatolaZ <katolaz@freaknet.org>

Full log



X-Loop: owner@bugs.devuan.org
From: owner@bugs.devuan.org (Devuan bug Tracking System)
To: KatolaZ <katolaz@freaknet.org>
Cc: owner@bugs.devuan.org
Subject: bug#268: marked as done (policykit-1: CVE-2018-19788)
Message-ID: <handler.268.D269.155126400821812.ackdone@bugs.devuan.org>
In-Reply-To: <20190227103941.urykatbuoz26mnoa@katolaz.homeunix.net>
References: <20190227103941.urykatbuoz26mnoa@katolaz.homeunix.net> <154420446865.5084.8077177848613701893.reportbug@sd-49041.dedibox.fr>
Precedence: bulk
X-Devuan-PR-Message: closed 268
X-Devuan-PR-Package: policykit-1
X-Devuan-PR-Keywords: 
Your message dated Wed, 27 Feb 2019 11:39:41 +0100
with message-id <20190227103941.urykatbuoz26mnoa@katolaz.homeunix.net>
and subject line solved in beowulf
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Devuan Bugs Owner
(administrator, Devuan bugs database)

--------------------------------------
Received: (at submit) by bugs.devuan.org; 7 Dec 2018 17:43:59 +0000
Return-Path: <bernard+devuan@rosset.net>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Fri, 07 Dec 2018 18:43:59 +0100 (CET)
Received: from mail.rosset.net (rosset.net [62.210.209.186])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 2837BF6093F
	for <submit@bugs.devuan.org>; Fri,  7 Dec 2018 18:41:09 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (1024-bit key; unprotected) header.d=rosset.net header.i=@rosset.net header.b="w5T9rg5y";
	dkim-atps=neutral
Received: by mail.rosset.net (Postfix, from userid 1000)
	id B6C2DE0279; Fri,  7 Dec 2018 18:41:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rosset.net;
	s=NetNeutrality; t=1544204468;
	bh=Qh2OhVEyGD+yxbVNHnJqf32+SUjphhhTnfoF6byME0E=;
	h=From:To:Subject:Date:From;
	b=w5T9rg5yEFFmx2XrRekDJMB5hWOh0kIZ+nl9pbmupwIQUADrvIi8UC89aIoPBszD8
	 eWnzJ2b9V28vdVkkkUIbSN7VeYZgk9xniNPjD3j8PK70OzZrNmrXY68Us0jA/EZD/C
	 Jl5dGa4OJeWOZXdCcEwz6kAMLdKLRF65W3A7sgQA=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Berbe <bernard+devuan@rosset.net>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: policykit-1: CVE-2018-19788
Message-ID: <154420446865.5084.8077177848613701893.reportbug@sd-49041.dedibox.fr>
X-Mailer: reportbug 7.1.6+devuan2.1
Date: Fri, 07 Dec 2018 18:41:08 +0100
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Package: policykit-1
Version: 0.105-18+devuan2.11
Severity: critical

Dear Maintainer,

Following CVE-2018-19788, it seems the current stable 0.105-18+devuan2.11 is susceptible to the bug in the policykit-1 package from upstream, allowing any user with UID > INT_MAX to have access to root commands:

1. service nginx status
   -bash: service: command not found
2. sudo useradd -u 4000000000 test
3. sudo -u test service nginx status
   nginx is running.


-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 9 (n/a)
Release:	9
Codename:	n/a

Architecture: x86_64

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages policykit-1 depends on:
ii  dbus                   1.10.26-0+deb9u1
ii  libc6                  2.24-11+deb9u3
ii  libglib2.0-0           2.50.3-2
ii  libpam0g               1.1.8-3.6
ii  libpolkit-agent-1-0    0.105-18+devuan2.11
ii  libpolkit-backend-1-0  0.105-18+devuan2.11
ii  libpolkit-gobject-1-0  0.105-18+devuan2.11

policykit-1 recommends no packages.

policykit-1 suggests no packages.

-- no debconf information
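Added example for the UID > INT_MAX boundary the report describes (not code from the report, from polkit or from Devuan): `uid_as_int32` shows what such a UID becomes once narrowed to a signed 32-bit int, and `count_oversized_uids` is a hypothetical audit that flags passwd-style entries with such UIDs on a host that has not yet received the fixed package. Function names and the passwd lines used to exercise it are assumptions constructed for this example.

```c
/* Added example, not code from the bug report or from polkit itself:
 * a uid_t above INT_MAX is hazardous when narrowed to a signed 32-bit int,
 * and an audit over passwd lines flags such UIDs on unpatched hosts. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* How a 32-bit signed consumer sees the UID: 4000000000 becomes negative. */
int uid_as_int32(uid_t uid)
{
    return (int)(int32_t)(uint32_t)uid;
}

/* Safe predicate: true iff the UID does not fit in an int. */
int uid_exceeds_int_max(uid_t uid)
{
    return uid > (uid_t)INT_MAX;
}

/* Parse the UID (third colon-separated field) of one passwd line.
 * Returns 0 and stores the UID, or -1 on malformed input. */
int passwd_line_uid(const char *line, uid_t *out)
{
    const char *p = line;
    for (int field = 0; field < 2; field++) {   /* skip name and password */
        p = strchr(p, ':');
        if (!p) return -1;
        p++;
    }
    char *end;
    errno = 0;
    unsigned long v = strtoul(p, &end, 10);
    if (errno || end == p || *end != ':' || v > UINT32_MAX) return -1;
    *out = (uid_t)v;
    return 0;
}

/* Hypothetical audit: count passwd entries whose UID exceeds INT_MAX. */
int count_oversized_uids(const char *const *lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        uid_t uid;
        if (passwd_line_uid(lines[i], &uid) == 0 && uid_exceeds_int_max(uid))
            hits++;
    }
    return hits;
}
```

Feeding the real /etc/passwd line by line into `count_oversized_uids` gives a quick check for accounts in the affected range; a non-zero count on a system still running 0.105-18+devuan2.11 is worth attention.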
---------------------------------------
Received: (at 269-done) by bugs.devuan.org; 27 Feb 2019 10:40:08 +0000
Return-Path: <katolaz@freaknet.org>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Wed, 27 Feb 2019 11:40:08 +0100 (CET)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(Authenticated sender: katolaz@freaknet.org)
	with ESMTPSA id 61C9AF604C4
Date: Wed, 27 Feb 2019 11:39:41 +0100
From: KatolaZ <katolaz@freaknet.org>
To: 269-done@bugs.devuan.org
Subject: solved in beowulf
Message-ID: <20190227103941.urykatbuoz26mnoa@katolaz.homeunix.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vcy6cimoko4p6jrk"
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org


--vcy6cimoko4p6jrk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

This has been solved in policykit-0.105-25+devuan1, available in
beowulf and ceres. Closing.





Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Apr 26 05:21:38 2024;