Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Aug 2010 18:42:35 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: CouchDB insecure library loading
 (Debian/Ubuntu only)

Please use CVE-2010-2953

Thanks.

-- 
    JB


----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote:

> I discovered that the /usr/bin/couchdb script on Debian/Ubuntu sets
> an
> insecure LD_LIBRARY_PATH environment variable, such that libraries
> from the current directory are loaded.  If a local attacker placed a
> maliciously crafted shared library in a directory and an
> administrator
> were tricked into launching CouchDB from this directory, arbitrary
> code execution could be achieved.  This vulnerability is only
> triggered when the /usr/bin/couchdb script is executed explicitly,
> since the init script (/etc/init.d/couchdb) changes the current
> directory before launching CouchDB.
> 
> The vulnerability was introduced by Debian patch
> "mozjs1.9_ldlibpath.patch" on 3/24/2009.
> 
> -Dan

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ