EnGarde Secure Linux Security Advisory: glibc local vulnerability

From:   EnGarde Secure Linux 
Subject:        [ESA-20010508-01] glibc local vulnerability
Date:   08 May 2001 12:14:10 -0400


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                    May 08, 2001 |
| http://www.engardelinux.org/                           ESA-20010508-01 |
|                                                                        |
| Package:  glibc                                                        |
| Summary:  glibc local vulnerability                                    |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.


OVERVIEW
- --------
  There is a vulnerability in the version of 'glibc' which shipped with
  EnGarde Secure Linux version 1.0.1, which can lead to an unprivileged
  user overwriting files they should not be able to.


DETAIL
- ------
  During the development of EnGarde Secure Linux 1.0.1, an oversight was
  made and one of the 2-1-branch patches were inadvertently excluded from
  the final glibc package.  This makes the version of glibc which shipped
  with 1.0.1 vulnerable to several attacks by leveraging the LD_PRELOAD,
  LD_PROFILE, and SEGFAULT_OUTPUT_NAME environment variables.  


SOLUTION
- --------
  All users of EnGarde should upgrade to the most recent version, as
  outlined in this advisory.  All updates can be found at:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  To install the updated package, execute the command:

    rpm -Uvh <filename>

  To verify the signature of the updated packages, execute the command:

    rpm -Kv <filename>

  It is recommended to reboot the machine after this updated package is
  installed.


UPDATED PACKAGES
- ----------------

  Source Packages:

    SRPMS/glibc-2.1.3-1.0.3.src.rpm
      MD5 Sum:  ac34faa24fb2d09c8b6cc870909c594f

  Binary Packages:

    i386/glibc-2.1.3-1.0.3.i386.rpm
      MD5 Sum:  3493eaa74736bd0a5e22027280168f5e

    All i686 users should be using the above i386 RPM.


REFERENCES
- ----------

  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  Special thanks go to:
    Solar Designer <solar@openwall.com>

  glibc's official web site:
    http://www.gnu.org/software/glibc/

  SecurityFocus Bug ID:
    http://www.securityfocus.com/bid/2223


- --------------------------------------------------------------------------
$Id: 2001.05.08-glibc,v 1.1 2001/05/08 16:06:37 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2001, Guardian Digital, Inc.