[oss-security] CVE request: glibc CVE-2010-3847 fix regression

From: Tomas Hoger <thoger_at_nospam>
Date: Tue Feb 01 2011 - 14:27:23 GMT
To: OSS Security <oss-security@lists.openwall.com>

Hi!

It seems this does not have any CVE assigned yet...

The original patch for CVE-2010-3847, as used by multiple vendors,
introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF
R*PATH. This could allow a local user to escalate privileges via
privileged program using a library with $ORIGIN in R*PATH (such as
certain glibc iconv modules).

There are at least Debian and Ubuntu advisories addressing this issue:
http://lists.debian.org/debian-security-announce/2011/msg00005.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html

Note that privileged programs that themselves have $ORIGIN in R*PATH
could have been abused before and are not addressed in the above
advisories. It's unclear if any distro provides any privileged program
with such R*PATH though.

-- Tomas Hoger / Red Hat Security Response Team

This message: [ Message body ]
Next message: Reed Loden: "[oss-security] CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1"
Previous message: Pierre Joye: "Re: [oss-security] possible flaw in widely used strtod.c implementation"
Next in thread: Josh Bressers: "Re: [oss-security] CVE request: glibc CVE-2010-3847 fix regression"
Reply: Josh Bressers: "Re: [oss-security] CVE request: glibc CVE-2010-3847 fix regression"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]