FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-12 06:08:27 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1cd565da-455e-41b7-a5b9-86ad8e81e33e	seatd-launch -- remove files with escalated privileges with SUID Kenny Levinsen reports: seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked and replaced with a user-owned seatd socket for the duration of the session. If seatd-launch had the SUID bit set, this could be used by a malicious user to remove files with the privileges of the owner of seatd-launch, which is likely root, and replace it with a user-owned domain socket. This does not directly allow retrieving the contents of existing files, and the user-owned socket file is at the current time not believed to be directly useful for further exploitation. Discovery 2022-02-21 Entry 2022-02-21 Modified 2022-02-22 seatd >= 0.6.0 lt 0.6.4 https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E CVE-2022-25643
49c35943-0eeb-421c-af4f-78e04582e5fb	seatd-launch -- privilege escalation with SUID Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUID bit set, this could be used by a malicious user with the ability to execute seatd-launch to mount a privilege escalation attack to the owner of seatd-launch, which is likely root. Discovery 2021-09-15 Entry 2021-09-16 Modified 2021-09-18 seatd >= 0.6.0 lt 0.6.2 https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E CVE-2021-41387

VuXML ID

Description

1cd565da-455e-41b7-a5b9-86ad8e81e33e

seatd-launch -- remove files with escalated privileges with SUID

Kenny Levinsen reports:

seatd-launch could use a user-specified socket path instead of the internally generated socket path, and would unlink the socket path before use to guard against collision with leftover sockets. This meant that a caller could freely control what file path would be unlinked and replaced with a user-owned seatd socket for the duration of the session.

If seatd-launch had the SUID bit set, this could be used by a malicious user to remove files with the privileges of the owner of seatd-launch, which is likely root, and replace it with a user-owned domain socket.

This does not directly allow retrieving the contents of existing files, and the user-owned socket file is at the current time not believed to be directly useful for further exploitation.

Discovery 2022-02-21
Entry 2022-02-21
Modified 2022-02-22
seatd

>= 0.6.0 lt 0.6.4

https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
CVE-2022-25643

49c35943-0eeb-421c-af4f-78e04582e5fb

seatd-launch -- privilege escalation with SUID

Kenny Levinsen reports:

seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH.

If seatd-launch had the SUID bit set, this could be used by a malicious user with the ability to execute seatd-launch to mount a privilege escalation attack to the owner of seatd-launch, which is likely root.

Discovery 2021-09-15
Entry 2021-09-16
Modified 2021-09-18
seatd

>= 0.6.0 lt 0.6.2

https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
CVE-2021-41387