Security Advisory glibc file read or write access local vulnerability

Advisory: RHSA-2001:001-06
Type: Security Advisory
Severity: N/A
Issued on: 2001-01-11
Last updated on: 2001-01-12
Affected Products: Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2001-0170

Details

A couple of bugs in GNU C library 2.2 allow unpriviledged user to read
restricted files and preload libraries in /lib and /usr/lib directories
into SUID programs even if those libraries have not been marked as such
by system administrator.

Because of a typo in glibc source RESOLV_HOST_CONF and RES_OPTIONS
variables were not removed from environment for SUID/SGID programs.
LD_PRELOAD variable is honoured normally even for SUID/SGID applications
(but removed afterwards from environment) if it does not contain `/'
characters, but there is a special check which only preloads found
libraries if they have the SUID bit set. If a library has been found
in /etc/ld.so.cache this check was not done though, so malicious user
could preload some /lib or /usr/lib library before SUID/SGID application
and e.g. create or overwrite a file he did not have permissions to.

In addition to fixing these security bugs, some non-security related bugs
have been fixed as well, namely RPC behaviour on unconnected UDP sockets
with 2.4 kernels, alphaev6 memcpy bug causing random crashes on alphaev6.

In addition, this glibc provides a temporary workaround for a bug in
IBM JDK 1.1.8.


Solution

Pick packages for your architecture and run:

rpm -Uvh glibc-[2c]*
rpm -Fvh glibc-[dp]* nscd-*

Updated packages

Red Hat Linux 7.0
alpha:
ftp://updates.redhat.com/7.0/alpha/glibc-2.2-12.alpha.rpm
Missing file		     c62b091dfacc14bcd7b1a19c2b22f34d
ftp://updates.redhat.com/7.0/alpha/glibc-common-2.2-12.alpha.rpm
Missing file		     b5ed7c074ef027b7e4df68b119aa21dc
ftp://updates.redhat.com/7.0/alpha/glibc-devel-2.2-12.alpha.rpm
Missing file		     8b5cf54c20038f7acc08194702225fff
ftp://updates.redhat.com/7.0/alpha/glibc-profile-2.2-12.alpha.rpm
Missing file		     2aacc6a21da21fdf6a2d3adb8e13074f
ftp://updates.redhat.com/7.0/alpha/nscd-2.2-12.alpha.rpm
Missing file		     8cf8b2b5c90767e13d1e6a1a210fbdee
 
alphaev6:
ftp://updates.redhat.com/7.0/alphaev6/glibc-2.2-12.alphaev6.rpm
Missing file		     0cc49503ab78251a7dc02dd70bf20d12
 
i386:
ftp://updates.redhat.com/7.0/i386/glibc-2.2-12.i386.rpm
Missing file		     91b935bfb0d5fb43394d8557fe754bb4
ftp://updates.redhat.com/7.0/i386/glibc-common-2.2-12.i386.rpm
Missing file		     b1218c0c2b6f5bd1e161c3158d0418a5
ftp://updates.redhat.com/7.0/i386/glibc-devel-2.2-12.i386.rpm
Missing file		     0d0bc7d1cd31c548e474146a7cdfea51
ftp://updates.redhat.com/7.0/i386/glibc-profile-2.2-12.i386.rpm
Missing file		     9891a9d1967be619ca74a1de5d0b1f63
ftp://updates.redhat.com/7.0/i386/nscd-2.2-12.i386.rpm
Missing file		     d56ba6b8f82c92b9a872e7ee94c706a9
 
i686:
ftp://updates.redhat.com/7.0/i686/glibc-2.2-12.i686.rpm
Missing file		     8866d4ce4920f300bc8cbba8f0b3a2b1
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0170
http://www.securityfocus.com/bid/2181

Keywords

LD_PRELOAD

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/