oss-sec mailing list archives

Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only)

From: Josh Bressers <bressers () redhat com>
Date: Thu, 26 Aug 2010 18:42:35 -0400 (EDT)

Please use CVE-2010-2953

Thanks.

-- 
    JB


----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:

I discovered that the /usr/bin/couchdb script on Debian/Ubuntu sets
an
insecure LD_LIBRARY_PATH environment variable, such that libraries
from the current directory are loaded.  If a local attacker placed a
maliciously crafted shared library in a directory and an
administrator
were tricked into launching CouchDB from this directory, arbitrary
code execution could be achieved.  This vulnerability is only
triggered when the /usr/bin/couchdb script is executed explicitly,
since the init script (/etc/init.d/couchdb) changes the current
directory before launching CouchDB.

The vulnerability was introduced by Debian patch
"mozjs1.9_ldlibpath.patch" on 3/24/2009.

-Dan

Current thread:

CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Dan Rosenberg (Aug 25)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Tomas Hoger (Aug 26)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Josh Bressers (Aug 26)
  - Hardening the linker (was Re: [oss-security] CVE request: CouchDB insecure library loading (Debian/Ubuntu only)) Tim Brown (Aug 29)