martin carpenter

contents

contact
blog
2022/01/31
determining password dump origin using n-grams
2015/07/01
escape from ansible
2015/06/24
solaris elfsign vulnerability
2014/10/22
metasploiting nrpe
2014/01/24
readable setuid cores in desktop ubuntu
2014/01/20
enlightenment sysactions vulnerability
most popular
2013/10/22
extracting openssl private keys from core dumps
2013/03/25
john the ripper, cuda, ubuntu
2012/05/05, updated 2012/12/15
ubuntu unity lens for vim
2010/03/11
twofish.rb: pure ruby twofish gem
2010/04/14
ckwtmpx

enlightenment sysactions vulnerability

2014/01/20

tags: enlightenment vulnerability CVE-2014-1845 CVE-2014-1846

summary

The sysactions setuid helper of the Enlightenment window manager was found to not sanitize its environment correctly and to ship with a weak default configuration. This could permit privilege escalation to root.

This was efficiently fixed by the maintainer in under a week, using clearenv(3) where available (and a blacklist where not), and with a tightened default configuration to be adjusted by individual distro maintainers.

timeline