|
| Current Newswire:
SuSE Security Announcement: shlibs (glibc)Sep 06, 2000, 19:14 (0 Talkback[s])(Other stories by Roman Drahtmueller) Date: Wed, 6 Sep 2000 12:32:37 +0200
SuSE Security Announcement
Package: shlibs (glibc-2.0, glibc-2.1)
Date: Wednesday, September 6th, 2000 12:30 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 9
SuSE default package: yes
Other affected systems: all glibc based linux systems, other
Un*x systems
Content of this advisory:
1) security vulnerability resolved: shlibs (glibc)
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, temporary workarounds
3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems where at least one of them allows any local user to gain root access to the system. a) ld-linux.so.2, the runtime linker, is supposed to clean environment variables that may influence the execution of programs ran by a suid program. Variables of that kind include LD_LIBRARY_PATH and LD_PRELOAD. These variables do not have any effect on the suid application itself since the linker ignores them. However, if the suid program executes another non-suid application without dropping privileges and without cleaning the environment, the LD_* variables would allow an attacker to execute arbitrary code as the effective uid of the calling suid program. There is currently no program in the SuSE distribution known to be susceptible to this problem. b) locale handling portions of the glibc code fails to properly check given environment settings such as the variable LANGUAGE. This could lead to arbitrary code being executed as root, depending on the permissions and ownerships of the program being used for the exploit. c) A bug in the mutex handling code in the shlibs version for SuSE-7.0 could cause multithreaded applications to hang or crash. This has also been fixed. There is only one way to temporarily circumvent the exploit: Disable all suid applications in the system. SuSE provides a updated packages for the vulnerable libraries. It is strongly recommended to upgrade to the latest version found on our ftp server as described below. The update packages remove all currently known security problems in the glibc package. Download the update packages as described below and install the
package with the command `rpm -Fhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command SPECIAL INSTALL INSTRUCTIONS: Note that the complete update consists of three (3) binary rpm packages and one source rpm package per distribution and platform. libc-*.rpm contains the static libraries, libd is the package for the profiling+debugging version of the libraries. If at all possible, keep your machine calm while you perform the update. Execute the following commands after the rpm update has been applied:
/sbin/ldconfig # alternatively, use SuSEconfig
/sbin/init u # will restart init to make a clean shutdown
# possible once needed.
i386 Intel Platform:
SuSE-7.0 SuSE-6.4 SuSE-6.3 SuSE-6.2 SuSE-6.1 Please use the packages from the SuSE-6.1 directory for SuSE-6.0! Sparc Platform: SuSE-7.0: AXP Alpha Platform: SuSE-6.4 SuSE-6.3 SuSE-6.1 PPC Power PC Platform: SuSE-6.4 2) Pending vulnerabilities in SuSE Distributions and Workarounds: This section addresses currently known vulnerabilities in Linux/Unix systems that have not been resolved yet as of the release date of this advisory.
- screen
local root compromise. Update+advisory follows this advisory.
- zope
SuSE distributions before 7.0 do not contain zope as a package.
An updated package for the freshly released SuSE-7.0 is on the way.
- xchat
A fix for the URL handler vulnerabilty is in progress and will
be released within a few days. There is currently no effective
and easy workaround other than removing the package by hand
(`rpm -e xchat'). More information on xchat can be found in
xchat's documentation directory /usr/doc/packages/xchat or
/usr/share/doc/packages/xchat for SuSE-7.0.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com suse-security-announce@suse.com For general information or the frequently asked questions (faq)
send mail to: SuSE's security contact is security@suse.com. Regards, - - | Roman Drahtmüller draht@suse.de // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
|
