Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <822284632.282461.1296749025708.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 3 Feb 2011 11:03:45 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: glibc CVE-2010-3847 fix regression

Please use CVE-2011-0536.

Thanks.

-- 
    JB

----- Original Message -----
> Hi!
> 
> It seems this does not have any CVE assigned yet...
> 
> The original patch for CVE-2010-3847, as used by multiple vendors,
> introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF
> R*PATH. This could allow a local user to escalate privileges via
> privileged program using a library with $ORIGIN in R*PATH (such as
> certain glibc iconv modules).
> 
> There are at least Debian and Ubuntu advisories addressing this issue:
> http://lists.debian.org/debian-security-announce/2011/msg00005.html
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html
> 
> Note that privileged programs that themselves have $ORIGIN in R*PATH
> could have been abused before and are not addressed in the above
> advisories. It's unclear if any distro provides any privileged program
> with such R*PATH though.
> 
> --
> Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.