Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 342685 - glibc -- root escelation security hole
Summary: glibc -- root escelation security hole
Status: RESOLVED DUPLICATE of bug 341755
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL: http://forums.funtoo.org/viewtopic.ph...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-26 03:16 UTC by chester moy
Modified: 2010-10-26 04:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description chester moy 2010-10-26 03:16:28 UTC
Announced on the Funtoo forums was a security hole in glibc. The test for the vulnerability was to enter this into the terminal as a normal user

umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount

And if one is on an effected system, there would appear a file "lolwhat" that is owned by root. I've tried this on Gentoo with sys-libs/glibc-2.11.2 and this also effects Gentoo

Reproducible: Always

Steps to Reproduce:
1. Open up terminal
2. As a normal user, run this in the terminal
umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount
3. ls -l lolwhat

Actual Results:  
a file is created, and it is owned by root

Expected Results:  
Not sure.. I'm assuming nothing should happen

CVE-2010-3847 and CVE-2010-3856
were mentioned in the Funtoo announcement.

http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/344
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-10-26 04:09:46 UTC
Please search next time, security bugs are often duplicated! Thanks in advance.

*** This bug has been marked as a duplicate of bug 341755 ***