Acl
Monthly
Local privilege escalation in the attr package's getfattr and setfattr utilities (versions before 2.6.0) allows an attacker who controls a pathname component to swap it for a symbolic link during directory hierarchy traversal, redirecting attribute operations to arbitrary files. When these utilities are invoked by a privileged process over an attacker-influenced path, the attacker can read or write extended attributes on files outside their authority, leading to escalation to higher privileges. The flaw was reported by VulnCheck; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in the Linux acl package (libacl/getfacl/setfacl/chacl) before version 2.4.0 lets an unprivileged local user who controls a component of a pathname win a TOCTOU race, redirecting privileged file-ACL operations to arbitrary files. By swapping a path component for a symlink between the lstat() validation and the follow-on stat()/chown()/chmod()/acl_get_file()/acl_set_file() calls, an attacker can manipulate ownership and ACLs on targets they should not control, yielding root-equivalent escalation. No public exploit identified at time of analysis; the issue was reported by VulnCheck and is fixed upstream.
Local privilege escalation in the Linux acl utilities (libacl) before version 2.4.0 arises because the pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() follow symbolic links during ACL read/write operations. An attacker who controls any component of a pathname processed by a privileged caller can substitute a symlink to redirect ACL operations to arbitrary files, manipulating access control lists outside their authority. No public exploit identified at time of analysis, and the issue is not in CISA KEV; risk is gated on a privileged process operating on attacker-influenced paths.
Local privilege escalation in the attr package's getfattr and setfattr utilities (versions before 2.6.0) allows an attacker who controls a pathname component to swap it for a symbolic link during directory hierarchy traversal, redirecting attribute operations to arbitrary files. When these utilities are invoked by a privileged process over an attacker-influenced path, the attacker can read or write extended attributes on files outside their authority, leading to escalation to higher privileges. The flaw was reported by VulnCheck; no public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
Local privilege escalation in the Linux acl package (libacl/getfacl/setfacl/chacl) before version 2.4.0 lets an unprivileged local user who controls a component of a pathname win a TOCTOU race, redirecting privileged file-ACL operations to arbitrary files. By swapping a path component for a symlink between the lstat() validation and the follow-on stat()/chown()/chmod()/acl_get_file()/acl_set_file() calls, an attacker can manipulate ownership and ACLs on targets they should not control, yielding root-equivalent escalation. No public exploit identified at time of analysis; the issue was reported by VulnCheck and is fixed upstream.
Local privilege escalation in the Linux acl utilities (libacl) before version 2.4.0 arises because the pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() follow symbolic links during ACL read/write operations. An attacker who controls any component of a pathname processed by a privileged caller can substitute a symlink to redirect ACL operations to arbitrary files, manipulating access control lists outside their authority. No public exploit identified at time of analysis, and the issue is not in CISA KEV; risk is gated on a privileged process operating on attacker-influenced paths.