martin carpenter


enlightenment sysactions vulnerability

2014/01/20

tags: enlightenment vulnerability CVE-2014-1845 CVE-2014-1846

summary

The sysactions setuid helper of the Enlightenment window manager was found to not sanitize its environment correctly and to ship with a weak default configuration. This could permit privilege escalation to root.

This was efficiently fixed by the maintainer in under a week, using clearenv(3) where available (and a blacklist where not), and with a tightened default configuration to be adjusted by individual distro maintainers.
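
The fix pattern described above, sketched as an added example (not the Enlightenment code): clear the whole environment where clearenv(3) exists, fall back to a denylist where it does not, then set PATH to a fixed value. The variable list, SAFE_PATH and the function names are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* exposes clearenv(3) on glibc and musl */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SAFE_PATH "/usr/sbin:/usr/bin:/sbin:/bin"   /* assumed trusted PATH */

/* Assumed denylist for the fallback path; not the project's actual list. */
static const char *const unsafe_vars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "IFS", "ENV", "BASH_ENV", NULL
};

/* Fallback: strip only the variables we know to be dangerous.
 * Anything not listed survives, which is why clearenv() is preferred. */
int scrub_denylist(void)
{
    for (size_t i = 0; unsafe_vars[i] != NULL; i++)
        if (unsetenv(unsafe_vars[i]) != 0)
            return -1;
    return 0;
}

/* Call first in main() of the setuid helper, before anything reads the
 * environment or executes another program. Returns 0 on success. */
int sanitize_environment(void)
{
#if defined(__linux__)         /* stand-in for a configure-time clearenv check */
    if (clearenv() != 0)
        return -1;
#else
    if (scrub_denylist() != 0)
        return -1;
#endif
    /* Rebuild from fixed values; never inherit PATH from the caller. */
    return setenv("PATH", SAFE_PATH, 1);
}

int main(void)
{
    setenv("LD_PRELOAD", "/tmp/constructed.so", 1);   /* constructed input */
    if (sanitize_environment() != 0) {
        fputs("refusing to run with unsanitized environment\n", stderr);
        return EXIT_FAILURE;
    }
    printf("LD_PRELOAD=%s PATH=%s\n",
           getenv("LD_PRELOAD") ? getenv("LD_PRELOAD") : "(unset)", getenv("PATH"));
    return EXIT_SUCCESS;
}
```

A helper that cannot sanitize its environment should exit rather than continue, which is why both functions report failure to the caller.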

timeline