iconv libraries not loading

Bug #701783 reported by Kees Cook
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eglibc (Ubuntu)
Fix Released
Kees Cook

Bug Description

Colin Watson discovered that when running a setuid man, the $ORIGIN DST in the iconv libraries' RPATH does not expand correctly, allowing an attacker to load arbitrary libraries from the literal '$ORIGIN' subdirectory of the man process's current directory.

Kees Cook (kees)
visibility: private → public
Changed in eglibc (Ubuntu):
assignee: nobody → Kees Cook (kees)
importance: Undecided → High
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.12.1-0ubuntu13

eglibc (2.12.1-0ubuntu13) natty; urgency=low

  * SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
    - debian/patches/any/submitted-origin.diff: refresh with new
      proposed solution, avoiding iconv issues (LP: #701783).
 -- Kees Cook <email address hidden> Tue, 11 Jan 2011 22:45:54 -0800

Changed in eglibc (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.