Date: Tue, 1 Feb 2011 15:27:23 +0100 From: Tomas Hoger <thoger@...hat.com> To: OSS Security <oss-security@...ts.openwall.com> Subject: CVE request: glibc CVE-2010-3847 fix regression Hi! It seems this does not have any CVE assigned yet... The original patch for CVE-2010-3847, as used by multiple vendors, introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF R*PATH. This could allow a local user to escalate privileges via privileged program using a library with $ORIGIN in R*PATH (such as certain glibc iconv modules). There are at least Debian and Ubuntu advisories addressing this issue: http://lists.debian.org/debian-security-announce/2011/msg00005.html https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html Note that privileged programs that themselves have $ORIGIN in R*PATH could have been abused before and are not addressed in the above advisories. It's unclear if any distro provides any privileged program with such R*PATH though. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.