CVE-2015-0278 – Mandriva Linux Security Advisory 2015-228

https://notcve.org/view.php?id=CVE-2015-0278

06 May 2015 — libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. libuv anterior a 0.10.34 no cancela correctamente los privilegios de grupo, lo que permite a atacantes dependientes de contexto ganar privilegios a través de vectores no especificados. It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with n... • http://advisories.mageia.org/MGASA-2015-0186.html • CWE-273: Improper Check for Dropped Privileges •