Date: Thu, 26 Aug 2010 18:42:35 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Please use CVE-2010-2953 Thanks. -- JB ----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote: > I discovered that the /usr/bin/couchdb script on Debian/Ubuntu sets > an > insecure LD_LIBRARY_PATH environment variable, such that libraries > from the current directory are loaded. If a local attacker placed a > maliciously crafted shared library in a directory and an > administrator > were tricked into launching CouchDB from this directory, arbitrary > code execution could be achieved. This vulnerability is only > triggered when the /usr/bin/couchdb script is executed explicitly, > since the init script (/etc/init.d/couchdb) changes the current > directory before launching CouchDB. > > The vulnerability was introduced by Debian patch > "mozjs1.9_ldlibpath.patch" on 3/24/2009. > > -Dan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ