glibc local write access vulnerability
| Advisory: | RHSA-2001:002-03 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2001-01-15 |
| Last updated on: | 2001-01-16 |
| Affected Products: | Red Hat Linux 6.2 |
| CVEs (cve.mitre.org): |
CVE-2001-0169 |
Details
A bug in GNU C Library allows unprivileged user to preload libraries
located in /lib or /usr/lib directories into SUID programs even if those
libraries have not been marked as such by system administrator.
LD_PRELOAD variable is honoured normally even for SUID/SGID applications
(but removed afterwards from environment) if it does not contain `/'
characters, but there is a special check which only preloads found
libraries if they have the SUID bit set. However, if a library has been
found
in /etc/ld.so.cache, this check was not performed. As a result, a
malicious user
could preload some /lib or /usr/lib library before SUID/SGID application
and create or overwrite a file he did not have permissions to.
Also, LD_PROFILE output from SUID programs would go into /var/tmp,
making it vulnerable to various link attacks.
Solution
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Red Hat Linux 6.2 | |
| SRPMS: | |
| glibc-2.1.3-22.src.rpm File outdated by: RHSA-2002:197 |
MD5: ef78f44366467486a0dac8794bc17ab9 |
| Alpha: | |
| glibc-2.1.3-22.alpha.rpm File outdated by: RHSA-2002:197 |
MD5: c1edf134c6d5790ce74d7c4272ec8687 |
| glibc-devel-2.1.3-22.alpha.rpm File outdated by: RHSA-2002:197 |
MD5: e5a7cf85e50c599a51e7b9ee7d1bc78d |
| glibc-profile-2.1.3-22.alpha.rpm File outdated by: RHSA-2002:197 |
MD5: 57040728348767ef4475ab82091a3db0 |
| nscd-2.1.3-22.alpha.rpm File outdated by: RHSA-2002:197 |
MD5: e768b72385324280d62b271895261021 |
| IA-32: | |
| glibc-2.1.3-22.i386.rpm File outdated by: RHSA-2003:089 |
MD5: b841df797bf42585476f30b1ba489e30 |
| glibc-devel-2.1.3-22.i386.rpm File outdated by: RHSA-2003:089 |
MD5: 2a779a3f6c3b87059cf40686f55dc2f6 |
| glibc-profile-2.1.3-22.i386.rpm File outdated by: RHSA-2003:089 |
MD5: e9b9b581fa4eda1a9aa2a5de8b267889 |
| nscd-2.1.3-22.i386.rpm File outdated by: RHSA-2003:089 |
MD5: b860e2f939f4e6517f4672361d746b38 |
| Sparc: | |
| glibc-2.1.3-22.sparc.rpm File outdated by: RHSA-2002:197 |
MD5: 74ae10e642a463b053ef531048410330 |
| glibc-2.1.3-22.sparcv9.rpm File outdated by: RHSA-2002:197 |
MD5: 1de8f29192f62e1cc33f76d920e20a1a |
| glibc-devel-2.1.3-22.sparc.rpm File outdated by: RHSA-2002:197 |
MD5: a305bcbf7e6f273c0c9759b622b04509 |
| glibc-profile-2.1.3-22.sparc.rpm File outdated by: RHSA-2002:197 |
MD5: a611d30013f4f98576aebb58b906c6db |
| nscd-2.1.3-22.sparc.rpm File outdated by: RHSA-2002:197 |
MD5: 966d69ca5182a97315e1f7bf5a5b7c30 |
References
Keywords
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
