CVE-2025-1390

NameCVE-2025-1390
DescriptionThe PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1098318

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcap2 (PTS)bullseye1:2.44-1vulnerable
bookworm1:2.66-4vulnerable
trixie1:2.66-5vulnerable
sid1:2.73-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcap2source(unstable)1:2.73-41098318

Notes

[bookworm] - libcap2 <no-dsa> (Minor issue)
https://bugzilla.openanolis.cn/show_bug.cgi?id=18804
Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 (cap/v1.2.74-rc4)
Search for package or bug name: Reporting problems