Bug#1030168: pesign: CVE-2022-3560: Local privilege escalation on pesign systemd service



Source: pesign
Version: 0.112-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for pesign.

I'm filing it for now still as severity grave, but feel free to
downgrade if you do not agree on the RC level of the bug. That said, it needs an
unprivileged user with access to the pesign user or group.

The code has been substantially refactored upstream, and I think the
issue is still present in the older versions, where the service is
using the pesign-authorize-groups and pesign-authorize-users scripts.

CVE-2022-3560[0]:
| Local privilege escalation on pesign systemd service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3560
    https://www.cve.org/CVERecord?id=CVE-2022-3560
[1] https://www.openwall.com/lists/oss-security/2023/01/31/6
[2] https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998

Regards,
Salvatore