The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[RHSA-2001:002-03] glibc local write access vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 16 Jan 2001 15:04:00 -0500
From: [email protected]
To: [email protected]
Subject: [RHSA-2001:002-03] glibc local write access vulnerability

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          glibc local write access vulnerability
Advisory ID:       RHSA-2001:002-03
Issue date:        2001-01-15
Updated on:        2001-01-16
Product:           Red Hat Linux
Ключевые слова: , , , , , , , , , glibc, LD_PRELOAD, SEGFAULT_OUTPUT_NAME,  (найти похожие документы)
Cross references:=20=20 Obsoletes:=20=20=20=20=20=20=20=20=20 --------------------------------------------------------------------- 1. Topic: A bug in GNU C Library allows unprivileged user to preload libraries located in /lib or /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator. 2. Relevant releases/architectures: Red Hat Linux 6.0 - alpha, i386, sparc, sparcv9 Red Hat Linux 6.1 - alpha, i386, sparc, sparcv9 Red Hat Linux 6.2 - alpha, i386, sparc, sparcv9 3. Problem description: LD_PRELOAD variable is honoured normally even for SUID/SGID applications (but removed afterwards from environment) if it does not contain `/' characters, but there is a special check which only preloads found libraries if they have the SUID bit set. However, if a library has been found in /etc/ld.so.cache, this check was not performed. As a result, a malicious user could preload some /lib or /usr/lib library before SUID/SGID application and create or overwrite a file he did not have permissions to. Also, LD_PROFILE output from SUID programs would go into /var/tmp, making it vulnerable to various link attacks. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 20832 - Unknown system type Nautilus 6. RPMs required: Red Hat Linux 6.0: SRPMS: ftp://updates.redhat.com/6.0/SRPMS/glibc-2.1.3-22.src.rpm ftp://updates.redhat.com/6.0/SRPMS/glibc-2.1.3-22.src.rpm ftp://updates.redhat.com/6.0/SRPMS/glibc-2.1.3-22.src.rpm alpha: ftp://updates.redhat.com/6.0/alpha/glibc-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.0/alpha/glibc-devel-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.0/alpha/glibc-profile-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.0/alpha/nscd-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.0/alpha/nscd-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.0/alpha/nscd-2.1.3-22.alpha.rpm i386: ftp://updates.redhat.com/6.0/i386/glibc-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.0/i386/glibc-devel-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.0/i386/glibc-profile-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.0/i386/nscd-2.1.3-22.i386.rpm sparc: ftp://updates.redhat.com/6.0/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.0/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.0/sparc/glibc-devel-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.0/sparc/glibc-profile-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.0/sparc/nscd-2.1.3-22.sparc.rpm sparcv9: ftp://updates.redhat.com/6.0/sparcv9/glibc-2.1.3-22.sparcv9.rpm Red Hat Linux 6.1: SRPMS: ftp://updates.redhat.com/6.1/SRPMS/glibc-2.1.3-22.src.rpm alpha: ftp://updates.redhat.com/6.1/alpha/glibc-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.1/alpha/glibc-devel-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.1/alpha/glibc-profile-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.1/alpha/nscd-2.1.3-22.alpha.rpm i386: ftp://updates.redhat.com/6.1/i386/glibc-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.1/i386/glibc-devel-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.1/i386/glibc-profile-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.1/i386/nscd-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.1/i386/nscd-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.1/i386/nscd-2.1.3-22.i386.rpm sparc: ftp://updates.redhat.com/6.1/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/glibc-devel-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/glibc-profile-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/glibc-profile-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/glibc-profile-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.1/sparc/nscd-2.1.3-22.sparc.rpm sparcv9: ftp://updates.redhat.com/6.1/sparcv9/glibc-2.1.3-22.sparcv9.rpm Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/SRPMS/glibc-2.1.3-22.src.rpm alpha: ftp://updates.redhat.com/6.2/alpha/glibc-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.2/alpha/glibc-devel-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.2/alpha/glibc-profile-2.1.3-22.alpha.rpm ftp://updates.redhat.com/6.2/alpha/nscd-2.1.3-22.alpha.rpm i386: ftp://updates.redhat.com/6.2/i386/glibc-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.2/i386/glibc-devel-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.2/i386/glibc-profile-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.2/i386/nscd-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.2/i386/nscd-2.1.3-22.i386.rpm ftp://updates.redhat.com/6.2/i386/nscd-2.1.3-22.i386.rpm sparc: ftp://updates.redhat.com/6.2/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-devel-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-devel-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-devel-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/glibc-profile-2.1.3-22.sparc.rpm ftp://updates.redhat.com/6.2/sparc/nscd-2.1.3-22.sparc.rpm sparcv9: ftp://updates.redhat.com/6.2/sparcv9/glibc-2.1.3-22.sparcv9.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- ef78f44366467486a0dac8794bc17ab9 6.2/SRPMS/glibc-2.1.3-22.src.rpm b860e2f939f4e6517f4672361d746b38 6.2/i386/nscd-2.1.3-22.i386.rpm e9b9b581fa4eda1a9aa2a5de8b267889 6.2/i386/glibc-profile-2.1.3-22.i386.rpm 2a779a3f6c3b87059cf40686f55dc2f6 6.2/i386/glibc-devel-2.1.3-22.i386.rpm b841df797bf42585476f30b1ba489e30 6.2/i386/glibc-2.1.3-22.i386.rpm e768b72385324280d62b271895261021 6.2/alpha/nscd-2.1.3-22.alpha.rpm 57040728348767ef4475ab82091a3db0 6.2/alpha/glibc-profile-2.1.3-22.alpha.rpm e5a7cf85e50c599a51e7b9ee7d1bc78d 6.2/alpha/glibc-devel-2.1.3-22.alpha.rpm c1edf134c6d5790ce74d7c4272ec8687 6.2/alpha/glibc-2.1.3-22.alpha.rpm 1de8f29192f62e1cc33f76d920e20a1a 6.2/sparcv9/glibc-2.1.3-22.sparcv9.rpm 966d69ca5182a97315e1f7bf5a5b7c30 6.2/sparc/nscd-2.1.3-22.sparc.rpm a611d30013f4f98576aebb58b906c6db 6.2/sparc/glibc-profile-2.1.3-22.sparc.rpm a305bcbf7e6f273c0c9759b622b04509 6.2/sparc/glibc-devel-2.1.3-22.sparc.rpm 74ae10e642a463b053ef531048410330 6.2/sparc/glibc-2.1.3-22.sparc.rpm ef78f44366467486a0dac8794bc17ab9 6.1/SRPMS/glibc-2.1.3-22.src.rpm e768b72385324280d62b271895261021 6.1/alpha/nscd-2.1.3-22.alpha.rpm 57040728348767ef4475ab82091a3db0 6.1/alpha/glibc-profile-2.1.3-22.alpha.rpm e5a7cf85e50c599a51e7b9ee7d1bc78d 6.1/alpha/glibc-devel-2.1.3-22.alpha.rpm c1edf134c6d5790ce74d7c4272ec8687 6.1/alpha/glibc-2.1.3-22.alpha.rpm 1de8f29192f62e1cc33f76d920e20a1a 6.1/sparcv9/glibc-2.1.3-22.sparcv9.rpm 966d69ca5182a97315e1f7bf5a5b7c30 6.1/sparc/nscd-2.1.3-22.sparc.rpm a611d30013f4f98576aebb58b906c6db 6.1/sparc/glibc-profile-2.1.3-22.sparc.rpm a305bcbf7e6f273c0c9759b622b04509 6.1/sparc/glibc-devel-2.1.3-22.sparc.rpm 74ae10e642a463b053ef531048410330 6.1/sparc/glibc-2.1.3-22.sparc.rpm b860e2f939f4e6517f4672361d746b38 6.1/i386/nscd-2.1.3-22.i386.rpm e9b9b581fa4eda1a9aa2a5de8b267889 6.1/i386/glibc-profile-2.1.3-22.i386.rpm 2a779a3f6c3b87059cf40686f55dc2f6 6.1/i386/glibc-devel-2.1.3-22.i386.rpm b841df797bf42585476f30b1ba489e30 6.1/i386/glibc-2.1.3-22.i386.rpm ef78f44366467486a0dac8794bc17ab9 6.0/SRPMS/glibc-2.1.3-22.src.rpm 1de8f29192f62e1cc33f76d920e20a1a 6.0/sparcv9/glibc-2.1.3-22.sparcv9.rpm 966d69ca5182a97315e1f7bf5a5b7c30 6.0/sparc/nscd-2.1.3-22.sparc.rpm a611d30013f4f98576aebb58b906c6db 6.0/sparc/glibc-profile-2.1.3-22.sparc.rpm a305bcbf7e6f273c0c9759b622b04509 6.0/sparc/glibc-devel-2.1.3-22.sparc.rpm 74ae10e642a463b053ef531048410330 6.0/sparc/glibc-2.1.3-22.sparc.rpm b860e2f939f4e6517f4672361d746b38 6.0/i386/nscd-2.1.3-22.i386.rpm e9b9b581fa4eda1a9aa2a5de8b267889 6.0/i386/glibc-profile-2.1.3-22.i386.rpm 2a779a3f6c3b87059cf40686f55dc2f6 6.0/i386/glibc-devel-2.1.3-22.i386.rpm b841df797bf42585476f30b1ba489e30 6.0/i386/glibc-2.1.3-22.i386.rpm e768b72385324280d62b271895261021 6.0/alpha/nscd-2.1.3-22.alpha.rpm 57040728348767ef4475ab82091a3db0 6.0/alpha/glibc-profile-2.1.3-22.alpha.rpm e5a7cf85e50c599a51e7b9ee7d1bc78d 6.0/alpha/glibc-devel-2.1.3-22.alpha.rpm c1edf134c6d5790ce74d7c4272ec8687 6.0/alpha/glibc-2.1.3-22.alpha.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Copyright(c) 2000, 2001 Red Hat, Inc.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру