This is the mail archive of the cygwin-announce mailing list for the Cygwin project.


CVE-2016-3067: network privilege escalation in Cygwin set(e)uid

In versions of Cygwin prior to 2.5.0, a process which switched user contexts on a system where neither the Cygwin LSA module was enabled nor the user's password stored thereon with 'passwd -R' would retain the network credentials of the original user context even after switching. In the case of system services, for example when a user logs in to a Cygwin SSHD or a command is run from a cron job, this would allow access to network shares to which the system service account (normally 'cyg_server', which is in the Administrators group) has access but to which the user would otherwise be denied.

This issue was reported[1][2] by David Willis on 2016-Feb-08, and a fix was committed[3] to the upstream repository by Corinna Vinschen on 2016-Feb-18. The fix was first included in the 2.5.0-0.4 test release on the same day[4] and then in the 2.5.0-1 stable release, which shipped[5] on 2016-Apr-11.

Red Hat Product Security has assigned CVE-2016-3067 for this issue.

[2] and thread
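
The following is an added example, not part of the original announcement: a POSIX shell check that classifies a host against the three conditions stated above (Cygwin older than 2.5.0, LSA module not enabled, password not stored with 'passwd -R'). Using a `cyglsa` entry in the LSA "Authentication Packages" registry value as the sign that the LSA module is enabled, and passing the 'passwd -R' state as a `yes` argument, are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a host against the conditions of CVE-2016-3067.

# ver_field VERSION N: print the Nth dot-separated field of VERSION.
ver_field() { printf '%s\n' "$1" | cut -d. -f"$2"; }

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    for i in 1 2 3; do
        a=$(ver_field "$1" "$i"); b=$(ver_field "$2" "$i")
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1    # equal versions are not "older"
}

# classify_host RELEASE AUTH_PACKAGES PASSWD_R
#   RELEASE        `uname -r` output under Cygwin, e.g. "2.4.1(0.293/5/3)"
#   AUTH_PACKAGES  text of the LSA "Authentication Packages" registry value
#                  (assumption: an enabled Cygwin LSA module appears as "cyglsa")
#   PASSWD_R       "yes" if the account's password was stored with 'passwd -R';
#                  supplied by the operator, anything else counts as "no"
classify_host() {
    ver=${1%%(*}                        # drop the "(api/...)" suffix
    if ! version_lt "$ver" 2.5.0; then
        echo fixed; return 0
    fi
    case $2 in
        *cyglsa*) echo mitigated-lsa; return 0 ;;
    esac
    if [ "$3" = yes ]; then
        echo mitigated-passwd-R; return 0
    fi
    echo exposed
}

# On a Cygwin host, read the live values; elsewhere this does nothing.
case $(uname -s) in
CYGWIN*)
    key='/proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages'
    pkgs=$(cat "$key" 2>/dev/null | tr '\0' ' ')
    classify_host "$(uname -r)" "$pkgs" "${1:-unknown}"
    ;;
esac
```

The 'passwd -R' state applies per account, so run the check once for each account that logs in through a Cygwin service.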

