Vulnerabilities > CVE-2015-0278 - Improper Check for Dropped Privileges vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-228.NASL description Updated nodejs package fixes security vulnerability : It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges (CVE-2015-0278). The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs. last seen 2020-06-01 modified 2020-06-02 plugin id 83274 published 2015-05-07 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83274 title Mandriva Linux Security Advisory : nodejs (MDVSA-2015:228) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:228. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(83274); script_version("1.4"); script_cvs_date("Date: 2019/08/02 13:32:57"); script_cve_id("CVE-2015-0278"); script_xref(name:"MDVSA", value:"2015:228"); script_name(english:"Mandriva Linux Security Advisory : nodejs (MDVSA-2015:228)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated nodejs package fixes security vulnerability : It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges (CVE-2015-0278). The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0186.html" ); script_set_attribute( attribute:"solution", value:"Update the affected nodejs package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nodejs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"nodejs-0.10.38-1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2015-2313.NASL description # nodejs - tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson) - timers: don last seen 2020-06-05 modified 2015-03-02 plugin id 81584 published 2015-03-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81584 title Fedora 21 : libuv-0.10.34-1.fc21 / nodejs-0.10.36-3.fc21 / v8-3.14.5.10-17.fc21 (2015-2313) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-2313. # include("compat.inc"); if (description) { script_id(81584); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-0278"); script_xref(name:"FEDORA", value:"2015-2313"); script_name(english:"Fedora 21 : libuv-0.10.34-1.fc21 / nodejs-0.10.36-3.fc21 / v8-3.14.5.10-17.fc21 (2015-2313)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "# nodejs - tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson) - timers: don't close interval timers when unrefd (Julien Gilli) - timers: don't mutate unref list while iterating it (Julien Gilli) - child_process: check execFile args is an array (Sam Roberts) - child_process: check fork args is an array (Sam Roberts) - crypto: update root certificates (Ben Noordhuis) - domains: fix issues with abort on uncaught (Julien Gilli) - timers: Avoid linear scan in _unrefActive. (Julien Gilli) - timers: fix unref() memory leak (Trevor Norris) - debugger: fix when using 'use strict' (Julien Gilli) # libuv - linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis) - linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis) - linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis) - linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller) - doc: update project links (Ben Noordhuis) - unix: add flag for blocking SIGPROF during poll (Ben Noordhuis) - unix, windows: add uv_loop_configure() function (Ben Noordhuis) # v8 - Fix debugger and strict mode regression (Julien Gilli) - don't busy loop in cpu profiler thread (Ben Noordhuis) - add api for aborting on uncaught exception (Julien Gilli) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1194651" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b24d9909" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150527.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ea82449a" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150528.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9a1797f1" ); script_set_attribute( attribute:"solution", value:"Update the affected libuv, nodejs and / or v8 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libuv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nodejs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:v8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"libuv-0.10.34-1.fc21")) flag++; if (rpm_check(release:"FC21", reference:"nodejs-0.10.36-3.fc21")) flag++; if (rpm_check(release:"FC21", reference:"v8-3.14.5.10-17.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libuv / nodejs / v8"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_996BCE94D23D11E494639CB654EA3E1C.NASL description Nodejs releases reports : CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 82063 published 2015-03-25 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82063 title FreeBSD : libuv -- incorrect revocation order while relinquishing privileges (996bce94-d23d-11e4-9463-9cb654ea3e1c) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201611-10.NASL description The remote host is affected by the vulnerability described in GLSA-201611-10 (libuv: Privilege escalation) It was discovered that libuv does not call setgroups before calling setuid/setgid. If this is not called, then even though the uid has been dropped, there may still be groups associated that permit superuser privileges. Impact : Context-dependent attackers could escalate privileges via unspecified vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 94936 published 2016-11-17 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94936 title GLSA-201611-10 : libuv: Privilege escalation NASL family Fedora Local Security Checks NASL id FEDORA_2015-2563.NASL description It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-17 plugin id 81840 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81840 title Fedora 22 : compat-libuv010-0.10.34-1.fc22 (2015-2563) NASL family Fedora Local Security Checks NASL id FEDORA_2015-2310.NASL description # nodejs - tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson) - timers: don last seen 2020-06-05 modified 2015-03-17 plugin id 81839 published 2015-03-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81839 title Fedora 20 : libuv-0.10.34-1.fc20 / nodejs-0.10.36-3.fc20 / v8-3.14.5.10-17.fc20 (2015-2310)
References
- https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html
- https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c
- http://advisories.mageia.org/MGASA-2015-0186.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:228
- https://github.com/libuv/libuv/pull/215
- https://security.gentoo.org/glsa/201611-10
- https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ