oss-sec mailing list archives
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 17 Oct 2012 13:42:34 -0600
On 10/15/2012 02:50 PM, Raphael Geissert wrote:
> Hi,
>
> Michael Stapelberg, Tollef Fog Heen, and Michael Biebl discovered that dhclient was setting dhclient-script's PATH to one that included a subdirectory of the build directory[1]. This issue is caused by the way isc-dhcp is packaged in Debian.
>
> At least two versions of isc-dhcp for the amd64 (x86_64) architecture in Debian were found to be setting PATH to a subdirectory of /home/zero79/, which would allow a user with such HOME directory to be able to execute code as root.
>
> To clarify the bug report: it is not specific to samba or hooks in general, PATH is injected in the environment passed to the execve() call that executes dhclient-script.
>
> Since this issue doesn't affect the stable release, there won't be a DSA. This email is just a heads up.
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690532
>
> Cheers,
Was this software released however?

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993