Bug 337532 (CVE-2010-3394) - <app-office/texmacs-1.0.7.2-r1: Insecure LD_LIBRARY_PATH setting (CVE-2010-3394)
Summary: <app-office/texmacs-1.0.7.2-r1: Insecure LD_LIBRARY_PATH setting (CVE-2010-3394)
Status: RESOLVED FIXED
Alias: CVE-2010-3394
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Blocks: debian-ldlibpath
Reported: 2010-09-15 18:04 UTC by Alex Legler (RETIRED)
Modified: 2014-01-26 01:13 UTC (History)
Attachments
Build log (texmacs-1.0.7.2-r1:20110318-204810.log,348.23 KB, text/plain)
2011-03-18 21:24 UTC, Agostino Sarubbo
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-15 18:04:09 UTC
+++ This bug was initially created as a clone of Bug #337529 +++

/usr/libexec/TeXmacs/bin/tm_mupad_help sets a possibly insecure LD_LIBRARY_PATH value, allowing an attacker to execute arbitrary code by enticing a user to run the application from a specially crafted directory if LD_LIBRARY_PATH is empty before executing it:

alex@neon ~ % grep -n LD_LIBRARY_PATH /usr/libexec/TeXmacs/bin/tm_mupad_help 
29:LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${MuPAD_ROOT_PATH}/${SYSINFO}/lib:/usr/local/X11R6/motif-2.0/lib:/usr/local/X11R6/lib:$MuPAD_ROOT_PATH/$SYSINFO/bin
30:export LD_LIBRARY_PATH

Reported by Raphael Geissert as part of a Debian archive review.
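
The append pattern from line 29 quoted above, next to a form that leaves no empty element when LD_LIBRARY_PATH is unset; the dynamic linker treats an empty element as the current directory. This is an added example, not part of the bug report or of the committed TeXmacs fix; the function names are hypothetical and /opt/example/lib is a constructed placeholder directory.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample paths are constructed.

# Return 0 if a colon-separated search path contains an empty element
# (leading colon, trailing colon or doubled colon).
has_empty_entry() {
    case "$1" in
        "")          return 1 ;;   # wholly empty value: no elements at all
        :*|*:|*::*)  return 0 ;;   # empty element present
        *)           return 1 ;;
    esac
}

# Same shape as line 29 of tm_mupad_help: unconditional "$OLD:new".
# With an empty old value the result starts with ":".
append_unsafe() {
    printf '%s\n' "$1:$2"
}

# Hardened form: "${var:+...}" emits the old value and its separator
# only when the old value is set and non-empty.
append_safe() {
    printf '%s\n' "${1:+$1:}$2"
}

# Audit helper: report whether the value a wrapper script would export is safe.
audit_value() {
    if has_empty_entry "$1"; then
        printf 'INSECURE: %s\n' "$1"
        return 1
    fi
    printf 'ok: %s\n' "$1"
}

# Demonstration with an empty starting value (constructed input).
audit_value "$(append_unsafe "" /opt/example/lib)" || true
audit_value "$(append_safe "" /opt/example/lib)"
```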
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-15 18:04:31 UTC
Upstream will be informed soon, waiting for the issues to be published.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-03-15 05:28:58 UTC
The Red Hat bug at https://bugzilla.redhat.com/show_bug.cgi?id=638427 is now public.
Comment 3 Andrey Grozin gentoo-dev 2011-03-16 08:33:37 UTC
(In reply to comment #2)
> The Red Hat bug at https://bugzilla.redhat.com/show_bug.cgi?id=638427 is now 
> public.
Does this mean I may commit the fix to the tree? The fix is trivial (honestly speaking, I think nobody uses the TeXmacs - MuPAD interface: MuPAD is dead, and I doubt the interface worked with the latest versions of MuPAD before its death; so, the risk is minimal).
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-03-16 13:48:13 UTC
(In reply to comment #3)
> Does this mean I may commit the fix to the tree? 

Yes, please, thank you. I am making this bug public now too.
Comment 5 Andrey Grozin gentoo-dev 2011-03-17 20:23:29 UTC
Fix committed.

Now we have to stabilize 1.0.7.2-r1 as soon as possible, and remove 1.0.7.2. Or, even better, stabilize 1.0.7.10, and remove 1.0.7.2, 1.0.7.2-r1.
Comment 6 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-18 12:14:14 UTC
Thank you. Arches, please stabilize =app-office/texmacs-1.0.7.2-r1

texmacs-1.0.7.10-r1 has an unstable qt4 USE flag, and the ebuild seems to suggest it's not masked. We're going to do a fast-track stabilization here, so let's avoid the trouble now.
Comment 7 Andrey Grozin gentoo-dev 2011-03-18 12:49:44 UTC
(In reply to comment #6)
> texmacs-1.0.7.10-r1 has an unstable qt4 USE flag, and the ebuild seems to
> suggest it's not masked.
Yes, it's not masked for a few versions already. The qt4 port is becoming much better, and is already quite usable. Maybe, it's time to remove the warning from pkg_setup. But the plain X version (-qt4) is still more stable.
Comment 8 Agostino Sarubbo gentoo-dev 2011-03-18 21:24:17 UTC
Created attachment 266397
Build log

See QA notice
Comment 9 Thomas Kahle (RETIRED) gentoo-dev 2011-03-22 12:12:46 UTC
x86 stable. Thanks.
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-23 17:07:51 UTC
ppc stable
Comment 11 Markos Chandras (RETIRED) gentoo-dev 2011-03-24 11:02:45 UTC
amd64 done. I am ignoring the QA issues for now since security problems are of higher priority.
Comment 12 Tobias Klausmann (RETIRED) gentoo-dev 2011-03-27 12:01:12 UTC
Stable on alpha.
Comment 13 Andrey Grozin gentoo-dev 2011-03-29 15:39:12 UTC
What does the message

 * QA Notice: The following files contain insecure RUNPATHs
 *  Please file a bug about this at http://bugs.gentoo.org/
 *  with the maintaining herd of the package.
 *  usr/libexec/TeXmacs/bin/texmacs.bin

actually mean? What is RUNPATH? And by what is it determined?
Comment 14 Raúl Porcel (RETIRED) gentoo-dev 2011-04-02 15:45:42 UTC
alpha/sparc stable
Comment 15 Tim Sammut (RETIRED) gentoo-dev 2011-04-02 22:20:46 UTC
Thanks, folks. GLSA request filed.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2014-01-26 01:13:52 UTC
This issue was resolved and addressed in
 GLSA 201401-27 at http://security.gentoo.org/glsa/glsa-201401-27.xml
by GLSA coordinator Sean Amoss (ackle).