iconv libraries not loading
Bug #701783 reported by
Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eglibc (Ubuntu) |
Fix Released
|
High
|
Kees Cook |
Bug Description
Colin Watson discovered that when running a setuid man, the $ORIGIN DST in the iconv libraries' RPATH does not expand correctly, allowing an attacker to load arbitrary libraries from the literal '$ORIGIN' subdirectory of the man process's current directory.
visibility: | private → public |
Changed in eglibc (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
importance: | Undecided → High |
status: | New → Fix Committed |
To post a comment you must log in.
This bug was fixed in the package eglibc - 2.12.1-0ubuntu13
---------------
eglibc (2.12.1-0ubuntu13) natty; urgency=low
* SECURITY UPDATE: setuid iconv users could load arbitrary libraries. patches/ any/submitted- origin. diff: refresh with new
- debian/
proposed solution, avoiding iconv issues (LP: #701783).
-- Kees Cook <email address hidden> Tue, 11 Jan 2011 22:45:54 -0800