Opened 16 years ago
Closed 16 years ago
#3444 closed defect (fixed)
Privilege Escalation
Reported by: | Mike Frysinger | Owned by: | |
---|---|---|---|
Component: | other | Version: | |
Keywords: | | Cc: | |
Guest type: | other | Host type: | Linux |
Description (last modified by )
description of this report deleted
Change History (7)
comment:2 by , 16 years ago
Description: | modified (diff) |
---|---|
Summary: | privilege escalation due to DT_RPATH:$ORIGIN and set*id → Privilege Escalation |
comment:3 by , 16 years ago
This bug applies only to the Linux .run packages (no other host architecture and no .deb/.rpm package). We replaced the 2.0.6 and 2.1.4 .run packages. You will find the updated builds as well as updated OSE archives at the download page.
A more detailed report will follow.
comment:4 by , 16 years ago
OSE seems to encourage $ORIGIN usage too ... at least on Debian systems, apt-get install virtualbox-ose will result in the same issue.
comment:5 by , 16 years ago
Right, this will be fixed when generating new packages using the updated OSE 2.1.4 tarball.
comment:6 by , 16 years ago
comment:7 by , 16 years ago
Btw, Debian/Lenny is not affected as it ships VirtualBox 1.6.6 (without suid binaries).
comment:8 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Thanks for this report, we will fix this ASAP.
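The original summary recorded in comment:2 attributes this issue to DT_RPATH containing $ORIGIN on set*id binaries. The following is an added example, not code from this ticket or from VirtualBox: an audit that lists set*id files whose `readelf -d` output shows `$ORIGIN` in RPATH or RUNPATH. The sample output and its paths are constructed, and binutils `readelf` is assumed to be installed.

```python
import os
import re
import stat
import subprocess
import sys

# Constructed sample of `readelf -d` output (library names and paths are made up).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN:/opt/example/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [${ORIGIN}/../lib]
"""
# DT_RPATH / DT_RUNPATH rows as printed by `readelf -d`.
_DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")
# Both spellings the dynamic linker accepts: $ORIGIN and ${ORIGIN}.
_ORIGIN = re.compile(r"\$(?:ORIGIN\b|\{ORIGIN\})")

def origin_entries(readelf_dynamic):
    """Return [(tag, entry)] for each search-path entry that uses $ORIGIN."""
    hits = []
    for line in readelf_dynamic.splitlines():
        m = _DYN_PATH.search(line)
        if m:
            hits += [(m.group(1), e) for e in m.group(2).split(":")
                     if _ORIGIN.search(e)]
    return hits

def is_setid(mode):
    """True for a regular file with the set-user-ID or set-group-ID bit."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def audit(root):
    """Yield (path, hits) for set*id files under root whose RPATH/RUNPATH uses $ORIGIN."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not is_setid(os.lstat(path).st_mode):
                    continue
                out = subprocess.run(["readelf", "-d", path], text=True,
                                     capture_output=True, check=False).stdout
            except OSError:  # unreadable file, or readelf not installed
                continue
            hits = origin_entries(out)
            if hits:
                yield path, hits

if __name__ == "__main__":
    for root in sys.argv[1:] or ["."]:
        for path, hits in audit(root):
            print(path, hits)
```

Run it with the installation directory of the package as the argument; any line it prints is a set*id binary that should be rebuilt with an absolute library path.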