Logcheck: Root privilege escalation — GLSA 202209-10

A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation.

Affected packages

app-admin/logcheck on all architectures
Affected versions <= 1.3.23
Unaffected versions

Background

Logcheck mails anomalies in the system logfiles to the administrator.

Description

The pkg_postinst phase of the Logcheck ebuilds recursively chowns the /etc/logcheck and /var/lib/logcheck directories. If the logcheck user adds hardlinks to other files in these directories, the chown call will follow the link and transfer ownership of any file to the logcheck user.
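
As an added example (not part of the advisory or of the Logcheck ebuild), the shell functions below audit a directory tree for regular files that have more than one hard link before a recursive chown is run on it. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the ebuild's code.

# List every regular file under the given directories whose inode has more
# than one name. chown on such a path changes the owner of the shared inode,
# and therefore of every other name that points to it.
list_multilinked() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev: hard links cannot cross filesystems, so stay on this one.
        # ls -lid prints inode, mode, link count, owner, group and path.
        find "$dir" -xdev -type f -links +1 -exec ls -lid {} +
    done
}

# Return 0 only if a recursive chown of the directories would touch no
# multiply-linked file; otherwise report the files on stderr and return 1.
recursive_chown_is_safe() {
    found=$(list_multilinked "$@")
    [ -z "$found" ] && return 0
    printf 'multiply-linked files, do not chown -R:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample: a temporary tree standing in for /var/lib/logcheck,
# holding one ordinary file and one second name for a file that lives
# outside the tree. Prints the number of flagged files.
demo_constructed_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/state" "$tmp/elsewhere"
    echo offsets > "$tmp/state/offset.log"          # ordinary file, 1 link
    echo data > "$tmp/elsewhere/other"
    ln "$tmp/elsewhere/other" "$tmp/state/alias"    # second name, same inode
    list_multilinked "$tmp/state" | wc -l | tr -d ' '
    rm -rf "$tmp"
}

# Audit the directories given on the command line, for example the two
# directories named in the description above.
if [ "$#" -gt 0 ]; then
    recursive_chown_is_safe "$@"
fi
```

Any path it reports should be inspected before ownership of the tree is changed, since the other name for that inode may lie outside the audited directory.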

Impact

A local attacker with access to the logcheck user could escalate to root privileges.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Logcheck. We recommend that users remove it:

 # emerge --ask --depclean "app-admin/logcheck"
 

References

Release date
September 25, 2022

Latest revision
September 25, 2022: 1

Severity
normal

Exploitable
remote

Bugzilla entries