Re: CVE request: libgnomesu privilege escalation

[Josh Bressers <bressers () redhat com>]

----- Original Message -----
> Hi,
>
> The /usr/lib/libgnomesu/gnomesu-pam-backend suid binary which belongs
> to the libgnomesu package is not checking setuid() return values.
>
> As a result, two cooperating users, or users with access to guest,
> cgi or web accounts can run arbitrary commands as root very easily.
> Attacker just needs to 'su' to this account where he knows the
> password
> from inside the second account and take care that enough zombie
> processes exist at the target account.
>
> A patch is attached in our bugzilla:
>
> https://bugzilla.novell.com/show_bug.cgi?id=695627


Please use CVE-2011-1946.

Thanks.

-- 
    JB