Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 342685

Summary: glibc -- root escelation security hole
Product: Gentoo Security Reporter: chester moy <somethingsome2000>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://forums.funtoo.org/viewtopic.php?id=50
Whiteboard:
Package list:
Runtime testing required: ---

Description chester moy 2010-10-26 03:16:28 UTC 
Announced on the Funtoo forums was a security hole in glibc. The test for the vulnerability was to enter this into the terminal as a normal user

umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount

And if one is on an effected system, there would appear a file "lolwhat" that is owned by root. I've tried this on Gentoo with sys-libs/glibc-2.11.2 and this also effects Gentoo

Reproducible: Always

Steps to Reproduce:
1. Open up terminal
2. As a normal user, run this in the terminal
umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount
3. ls -l lolwhat

Actual Results:  
a file is created, and it is owned by root

Expected Results:  
Not sure.. I'm assuming nothing should happen

CVE-2010-3847 and CVE-2010-3856
were mentioned in the Funtoo announcement.

http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/344
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-10-26 04:09:46 UTC 
Please search next time, security bugs are often duplicated! Thanks in advance.

*** This bug has been marked as a duplicate of bug 341755 ***