iconv libraries not loading

Bug #701783 reported by Kees Cook on 2011-01-12
Affects: eglibc (Ubuntu)
Importance: High
Assigned to: Kees Cook

Bug Description

Colin Watson discovered that when running a setuid man, the $ORIGIN DST in the iconv libraries' RPATH does not expand correctly, allowing an attacker to load arbitrary libraries from the literal '$ORIGIN' subdirectory of the man process's current directory.
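
A packaging-side audit for the kind of search path described above, as an added example that is not part of this bug report or of the eglibc fix: it parses `readelf -d` output and flags RPATH/RUNPATH entries that use the $ORIGIN token or are not absolute paths. The sample output, the function name and the finding labels are constructed for illustration.

```python
import re

# Rows that `readelf -d` prints for DT_RPATH / DT_RUNPATH.
_ROW = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")
# The dynamic string token, in both spellings ld.so accepts.
_ORIGIN = re.compile(r"\$(?:ORIGIN\b|\{ORIGIN\})")


def audit_dynamic_section(readelf_output):
    """Return (tag, entry, finding) tuples for search-path entries to review.

    "origin-dst": the entry depends on $ORIGIN being expanded, which is the
                  step this bug says went wrong under a setuid process.
    "relative":   the entry is not absolute, so the loader resolves it
                  against the process's current directory.
    """
    findings = []
    for line in readelf_output.splitlines():
        match = _ROW.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for entry in value.split(":"):
            if _ORIGIN.search(entry):
                findings.append((tag, entry, "origin-dst"))
            elif not entry.startswith("/"):
                findings.append((tag, entry, "relative"))
    return findings


# Constructed sample of `readelf -d` output (not taken from a real library).
SAMPLE = """\
Dynamic section at offset 0x2e08 contains 26 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../lib:/usr/lib/example]
 0x000000000000001d (RUNPATH)            Library runpath: [plugins:${ORIGIN}]
"""

if __name__ == "__main__":
    for tag, entry, finding in audit_dynamic_section(SAMPLE):
        print(f"{tag:8} {entry:20} {finding}")
```

Feed it the `readelf -d` output of each library that a setuid program can end up loading; any finding is a path to review by hand.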

Kees Cook (kees) on 2011-01-12
visibility: private → public
Changed in eglibc (Ubuntu):
assignee: nobody → Kees Cook (kees)
importance: Undecided → High
status: New → Fix Committed

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package eglibc - 2.12.1-0ubuntu13

---------------
eglibc (2.12.1-0ubuntu13) natty; urgency=low

  * SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
    - debian/patches/any/submitted-origin.diff: refresh with new
      proposed solution, avoiding iconv issues (LP: #701783).
 -- Kees Cook <email address hidden> Tue, 11 Jan 2011 22:45:54 -0800

Changed in eglibc (Ubuntu):
status: Fix Committed → Fix Released