The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[RHSA-2001:001-05] glibc file read or write access local vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 11 Jan 2001 17:33:00 -0500
From: [email protected]
To: [email protected]
Subject: [RHSA-2001:001-05] glibc file read or write access local vulnerability

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          glibc file read or write access local vulnerability
Advisory ID:       RHSA-2001:001-05
Issue date:        2001-01-11
Updated on:        2001-01-11
Product:           Red Hat Linux
Ключевые слова: , , , , , , , , , glibc, RESOLV_HOST_CONF, LD_PRELOAD,  (найти похожие документы)
Cross references:=20=20 Obsoletes:=20=20=20=20=20=20=20=20=20 --------------------------------------------------------------------- 1. Topic: A couple of bugs in GNU C library 2.2 allow unpriviledged user to read restricted files and preload libraries in /lib and /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator. 2. Relevant releases/architectures: Red Hat Linux 7.0 - alpha, alphaev6, i386, i686 3. Problem description: Because of a typo in glibc source RESOLV_HOST_CONF and RES_OPTIONS variables were not removed from environment for SUID/SGID programs. LD_PRELOAD variable is honoured normally even for SUID/SGID applications (but removed afterwards from environment) if it does not contain `/' characters, but there is a special check which only preloads found libraries if they have the SUID bit set. If a library has been found in /etc/ld.so.cache this check was not done though, so malicious user could preload some /lib or /usr/lib library before SUID/SGID application and e.g. create or overwrite a file he did not have permissions to. In addition to fixing these security bugs, some non-security related bugs have been fixed as well, namely RPC behaviour on unconnected UDP sockets with 2.4 kernels, alphaev6 memcpy bug causing random crashes on alphaev6. In addition, this glibc provides a temporary workaround for a bug in IBM JDK 1.1.8. 4. Solution: Pick packages for your architecture and run: rpm -Uvh glibc-[2c]* rpm -Fvh glibc-[dp]* nscd-* 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 18332 - internet programs leave too many connections open 23562 - RESOLV_HOST_CONF can be used to read privileged files 23176 - "forgot to set AF_INET in udp sendmsg" caused by pmap_clnt.c bug 22932 - oracle 8.1.6 installer crashes with glibc-2.2-9.i686.rpm 23012 - RH7 update to glibc 2.2 breaks IBM Java 1.1.8 JDK 22913 - gcc -traditional error on stdio.h 22908 - <sys/cdefs.h> in glibc-devel-2.2-9 cpp warning 22494 - glibc-2.2-9 6. RPMs required: Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/SRPMS/glibc-2.2-12.src.rpm alpha: ftp://updates.redhat.com/7.0/alpha/glibc-2.2-12.alpha.rpm ftp://updates.redhat.com/7.0/alpha/glibc-2.2-12.alpha.rpm ftp://updates.redhat.com/7.0/alpha/glibc-common-2.2-12.alpha.rpm ftp://updates.redhat.com/7.0/alpha/glibc-devel-2.2-12.alpha.rpm ftp://updates.redhat.com/7.0/alpha/glibc-profile-2.2-12.alpha.rpm ftp://updates.redhat.com/7.0/alpha/nscd-2.2-12.alpha.rpm alphaev6: ftp://updates.redhat.com/7.0/alphaev6/glibc-2.2-12.alphaev6.rpm i386: ftp://updates.redhat.com/7.0/i386/glibc-2.2-12.i386.rpm ftp://updates.redhat.com/7.0/i386/glibc-common-2.2-12.i386.rpm ftp://updates.redhat.com/7.0/i386/glibc-devel-2.2-12.i386.rpm ftp://updates.redhat.com/7.0/i386/glibc-profile-2.2-12.i386.rpm ftp://updates.redhat.com/7.0/i386/nscd-2.2-12.i386.rpm i686: ftp://updates.redhat.com/7.0/i686/glibc-2.2-12.i686.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 506da6896f83e3732593bce0debee447 7.0/SRPMS/glibc-2.2-12.src.rpm 8866d4ce4920f300bc8cbba8f0b3a2b1 7.0/i686/glibc-2.2-12.i686.rpm d56ba6b8f82c92b9a872e7ee94c706a9 7.0/i386/nscd-2.2-12.i386.rpm 9891a9d1967be619ca74a1de5d0b1f63 7.0/i386/glibc-profile-2.2-12.i386.rpm 0d0bc7d1cd31c548e474146a7cdfea51 7.0/i386/glibc-devel-2.2-12.i386.rpm b1218c0c2b6f5bd1e161c3158d0418a5 7.0/i386/glibc-common-2.2-12.i386.rpm 91b935bfb0d5fb43394d8557fe754bb4 7.0/i386/glibc-2.2-12.i386.rpm 0cc49503ab78251a7dc02dd70bf20d12 7.0/alphaev6/glibc-2.2-12.alphaev6.rpm 8cf8b2b5c90767e13d1e6a1a210fbdee 7.0/alpha/nscd-2.2-12.alpha.rpm 2aacc6a21da21fdf6a2d3adb8e13074f 7.0/alpha/glibc-profile-2.2-12.alpha.rpm 8b5cf54c20038f7acc08194702225fff 7.0/alpha/glibc-devel-2.2-12.alpha.rpm b5ed7c074ef027b7e4df68b119aa21dc 7.0/alpha/glibc-common-2.2-12.alpha.rpm c62b091dfacc14bcd7b1a19c2b22f34d 7.0/alpha/glibc-2.2-12.alpha.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.securityfocus.com/bid/2181 Copyright(c) 2000 Red Hat, Inc.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру