* [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability
@ 2022-10-19 8:56 Stefan Agner
2022-10-30 21:24 ` Thomas Petazzoni via buildroot
2022-11-13 16:02 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Stefan Agner @ 2022-10-19 8:56 UTC (permalink / raw)
To: buildroot; +Cc: giulio.benetti, stefan
Add a patch for CVE-2022-31676 (local privilege escalation
vulnerability).
Signed-off-by: Stefan Agner <stefan@agner.ch>
---
v2: Actually make the patch apply
...uthorization-on-incoming-guestOps-re.patch | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 package/openvmtools/0013-Properly-check-authorization-on-incoming-guestOps-re.patch
diff --git a/package/openvmtools/0013-Properly-check-authorization-on-incoming-guestOps-re.patch b/package/openvmtools/0013-Properly-check-authorization-on-incoming-guestOps-re.patch
new file mode 100644
index 0000000000..b2c8995c53
--- /dev/null
+++ b/package/openvmtools/0013-Properly-check-authorization-on-incoming-guestOps-re.patch
@@ -0,0 +1,37 @@
+From bb9f9ffbb151397545f921cee5b6a4933c6eea80 Mon Sep 17 00:00:00 2001
+Message-Id: <bb9f9ffbb151397545f921cee5b6a4933c6eea80.1666169374.git.stefan@agner.ch>
+From: John Wolfe <jwolfe@vmware.com>
+Date: Wed, 10 Aug 2022 06:12:02 -0700
+Subject: [PATCH] Properly check authorization on incoming guestOps requests
+
+Fix public pipe request checks. Only a SessionRequest type should
+be accepted on the public pipe.
+---
+ vgauth/serviceImpl/proto.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/vgauth/serviceImpl/proto.c b/vgauth/serviceImpl/proto.c
+index db7159ee..c4f85b02 100644
+--- a/vgauth/serviceImpl/proto.c
++++ b/vgauth/serviceImpl/proto.c
+@@ -1,5 +1,5 @@
+ /*********************************************************
+- * Copyright (C) 2011-2016,2019-2021 VMware, Inc. All rights reserved.
++ * Copyright (c) 2011-2016,2019-2022 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published
+@@ -1201,6 +1201,10 @@ Proto_SecurityCheckRequest(ServiceConnection *conn,
+ VGAuthError err;
+ gboolean isSecure = ServiceNetworkIsConnectionPrivateSuperUser(conn);
+
++ if (conn->isPublic && req->reqType != PROTO_REQUEST_SESSION_REQ) {
++ return VGAUTH_E_PERMISSION_DENIED;
++ }
++
+ switch (req->reqType) {
+ /*
+ * This comes over the public connection; alwsys let it through.
+--
+2.38.0
+
--
2.38.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability
2022-10-19 8:56 [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability Stefan Agner
@ 2022-10-30 21:24 ` Thomas Petazzoni via buildroot
2022-11-13 16:02 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-10-30 21:24 UTC (permalink / raw)
To: Stefan Agner; +Cc: giulio.benetti, buildroot
Hello Stefan,
On Wed, 19 Oct 2022 10:56:16 +0200
Stefan Agner <stefan@agner.ch> wrote:
> Add a patch for CVE-2022-31676 (local privilege escalation
> vulnerability).
>
> Signed-off-by: Stefan Agner <stefan@agner.ch>
> ---
> v2: Actually make the patch apply
I've applied to master, but after:
(1) Adding a reference to the upstream location where the patch was
provided
(2) Adding a OPENVMTOOLS_IGNORE_CVES entry in the .mk file to ignore
the CVE now that it is fixed.
According to our CVE tracking infrastructure, there are 3 other CVEs
affecting openvmtools: CVE-2014-4199, CVE-2014-4200, CVE-2022-22943. Do
you think you could have a look?
Thanks a lot!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability
2022-10-19 8:56 [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability Stefan Agner
2022-10-30 21:24 ` Thomas Petazzoni via buildroot
@ 2022-11-13 16:02 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-11-13 16:02 UTC (permalink / raw)
To: Stefan Agner; +Cc: giulio.benetti, buildroot
>>>>> "Stefan" == Stefan Agner <stefan@agner.ch> writes:
> Add a patch for CVE-2022-31676 (local privilege escalation
> vulnerability).
> Signed-off-by: Stefan Agner <stefan@agner.ch>
> ---
> v2: Actually make the patch apply
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-13 16:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-10-19 8:56 [Buildroot] [PATCH v2] package/openvmtools: fix local privilege escalation vulnerability Stefan Agner
2022-10-30 21:24 ` Thomas Petazzoni via buildroot
2022-11-13 16:02 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox