CVE-2014-3215

Name of the Vulnerable Software and Affected Versions policycoreutils version 2.2.5 policycoreutils versions prior to 2.2.5-r4

Description The issue concerns a problem where a program executes in a way that alters the relationship between the setuid system call and the getresuid saved set-user-ID value. This makes it easier for local users to gain privileges by exploiting a program that mistakenly expected it could permanently drop privileges. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be exploited locally.

Recommendations For policycoreutils version 2.2.5, consider updating to a version newer than 2.2.5-r4 to resolve the issue. For policycoreutils versions prior to 2.2.5-r4, update to version 2.2.5-r4 or newer to fix the problem. As a temporary workaround, consider restricting the use of the setuid system call or the getresuid function to minimize the risk of exploitation.