From: EnGarde Secure Linux
Subject: [ESA-20010508-01] glibc local vulnerability
Date: 08 May 2001 12:14:10 -0400
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory May 08, 2001 |
| http://www.engardelinux.org/ ESA-20010508-01 |
| |
| Package: glibc |
| Summary: glibc local vulnerability |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, complete e-commerce using AllCommerce,
and integrated open source security tools.
OVERVIEW
- --------
There is a vulnerability in the version of 'glibc' which shipped with
EnGarde Secure Linux version 1.0.1, which can lead to an unprivileged
user overwriting files they should not be able to.
DETAIL
- ------
During the development of EnGarde Secure Linux 1.0.1, an oversight was
made and one of the 2-1-branch patches were inadvertently excluded from
the final glibc package. This makes the version of glibc which shipped
with 1.0.1 vulnerable to several attacks by leveraging the LD_PRELOAD,
LD_PROFILE, and SEGFAULT_OUTPUT_NAME environment variables.
SOLUTION
- --------
All users of EnGarde should upgrade to the most recent version, as
outlined in this advisory. All updates can be found at:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
To install the updated package, execute the command:
rpm -Uvh <filename>
To verify the signature of the updated packages, execute the command:
rpm -Kv <filename>
It is recommended to reboot the machine after this updated package is
installed.
UPDATED PACKAGES
- ----------------
Source Packages:
SRPMS/glibc-2.1.3-1.0.3.src.rpm
MD5 Sum: ac34faa24fb2d09c8b6cc870909c594f
Binary Packages:
i386/glibc-2.1.3-1.0.3.i386.rpm
MD5 Sum: 3493eaa74736bd0a5e22027280168f5e
All i686 users should be using the above i386 RPM.
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
Special thanks go to:
Solar Designer <solar@openwall.com>
glibc's official web site:
http://www.gnu.org/software/glibc/
SecurityFocus Bug ID:
http://www.securityfocus.com/bid/2223
- --------------------------------------------------------------------------
$Id: 2001.05.08-glibc,v 1.1 2001/05/08 16:06:37 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2001, Guardian Digital, Inc.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.