oss-sec mailing list archives
CVE request: multiple libraries getenv() misuse
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 31 May 2011 10:21:33 +0200
Hi, While investigating the libs vs. fscaps issue [1] which showed that most libs need patching in order to work properly with fscaps binaries, it was also found that a lot of libs do not even honour suid binaries correctly. These libs use getenv() to obtain information about configuration/files or plugin directories. These info can be "chosen with care" by attackers to trick the suid programs to execute code as root or do harm otherwise. Among these libs are libudev, libdbus, libhal, libgssglue or libcrypto (openssl). libudev, libdbus, libhal are linked against suid Xorg. libgssglue is linked against mount.nfs. Most of these libs were probably never intented to be linked against suids, but nevertheless they are. Since the issues are all of the same family I would suggest to assign one CVE (or two, if you want to separate missing fscaps checks from euid != uid issue). -s [1] http://www.suse.de/~krahmer/libs-vs-fscaps/ -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- CVE request: multiple libraries getenv() misuse Sebastian Krahmer (May 31)