libfreebl3.so has got RWE flags in the PT_GNU_STACK ELF header (amd64)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NSS |
Fix Released
|
Medium
|
|||
nss (Ubuntu) |
Fix Released
|
Medium
|
Alexander Sack | ||
Hardy |
Fix Released
|
Medium
|
Alexander Sack | ||
Intrepid |
Fix Released
|
Medium
|
Alexander Sack | ||
Jaunty |
Fix Released
|
Medium
|
Alexander Sack | ||
Karmic |
Fix Released
|
Medium
|
Alexander Sack |
Bug Description
Description: Ubuntu 8.04.3 LTS
Release: 8.04
libnss3-1d version is 3.12.3.
The libfreebl3.so library from the package has got RWE flags in the PT_GNU_STACK ELF header:
$ readelf -l /usr/lib/
Elf file type is DYN (Shared object file)
Entry point 0x2f40
There are 5 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
LOAD 0x0000000000055b28 0x0000000000255b28 0x0000000000255b28
DYNAMIC 0x00000000000563a0 0x00000000002563a0 0x00000000002563a0
GNU_EH_FRAME 0x00000000000509e0 0x00000000000509e0 0x00000000000509e0
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
In consequence, glibc ld.so creates all stack allocated by the library with rwe flags unnecessarily.
The library can be fixed by issuing
# execstack -c /usr/lib/
but the package should install a non-exploitable library.
Changed in nss (Ubuntu Hardy): | |
assignee: | nobody → Alexander Sack (asac) |
Changed in nss: | |
status: | Unknown → Fix Released |
Changed in nss: | |
importance: | Unknown → Medium |
Created attachment 370674
Patch v1 (checked in)
Patch proposed by Ulrich