Public Date:
1095855: CVE-2014-3215 policycoreutils: local privilege escalation via seunshare
A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.

Find out more about CVE-2014-3215 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.9
Base Metrics AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (kernel) RHSA-2015:0864 2015-04-21
Red Hat Enterprise Linux 7 (libcap-ng) RHBA-2015:2161 2015-11-19

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 selinux-policy Not affected
Red Hat Enterprise Linux 7 policycoreutils Not affected
Red Hat Enterprise Linux 6 selinux-policy Will not fix
Red Hat Enterprise Linux 6 policycoreutils Will not fix
Red Hat Enterprise Linux 6 libcap-ng Will not fix
Red Hat Enterprise Linux 5 policycoreutils Will not fix


Red Hat would like to thank Andy Lutomirski for reporting this issue.
Last Modified