|Main Archive Page > Month Archives > oss-security archives|
It seems this does not have any CVE assigned yet...
The original patch for CVE-2010-3847, as used by multiple vendors,
introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF
R*PATH. This could allow a local user to escalate privileges via
privileged program using a library with $ORIGIN in R*PATH (such as
certain glibc iconv modules).
There are at least Debian and Ubuntu advisories addressing this issue:
Note that privileged programs that themselves have $ORIGIN in R*PATH
could have been abused before and are not addressed in the above
advisories. It's unclear if any distro provides any privileged program
with such R*PATH though.
-- Tomas Hoger / Red Hat Security Response Team