oss-sec mailing list archives
Re: CVE request: glibc CVE-2010-3847 fix regression
From: Josh Bressers <bressers () redhat com>
Date: Thu, 3 Feb 2011 11:03:45 -0500 (EST)
Please use CVE-2011-0536. Thanks. -- JB ----- Original Message -----
Hi! It seems this does not have any CVE assigned yet... The original patch for CVE-2010-3847, as used by multiple vendors, introduced a bug in the way $ORIGIN is (not-)expanded when used in ELF R*PATH. This could allow a local user to escalate privileges via privileged program using a library with $ORIGIN in R*PATH (such as certain glibc iconv modules). There are at least Debian and Ubuntu advisories addressing this issue: http://lists.debian.org/debian-security-announce/2011/msg00005.html https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html Note that privileged programs that themselves have $ORIGIN in R*PATH could have been abused before and are not addressed in the above advisories. It's unclear if any distro provides any privileged program with such R*PATH though. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request: glibc CVE-2010-3847 fix regression Tomas Hoger (Feb 01)
- Re: CVE request: glibc CVE-2010-3847 fix regression Josh Bressers (Feb 03)