From: EnGarde Secure Linux Subject: [ESA-20010508-01] glibc local vulnerability Date: 08 May 2001 12:14:10 -0400 +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory May 08, 2001 | | http://www.engardelinux.org/ ESA-20010508-01 | | | | Package: glibc | | Summary: glibc local vulnerability | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW - -------- There is a vulnerability in the version of 'glibc' which shipped with EnGarde Secure Linux version 1.0.1, which can lead to an unprivileged user overwriting files they should not be able to. DETAIL - ------ During the development of EnGarde Secure Linux 1.0.1, an oversight was made and one of the 2-1-branch patches were inadvertently excluded from the final glibc package. This makes the version of glibc which shipped with 1.0.1 vulnerable to several attacks by leveraging the LD_PRELOAD, LD_PROFILE, and SEGFAULT_OUTPUT_NAME environment variables. SOLUTION - -------- All users of EnGarde should upgrade to the most recent version, as outlined in this advisory. All updates can be found at: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ To install the updated package, execute the command: rpm -Uvh <filename> To verify the signature of the updated packages, execute the command: rpm -Kv <filename> It is recommended to reboot the machine after this updated package is installed. UPDATED PACKAGES - ---------------- Source Packages: SRPMS/glibc-2.1.3-1.0.3.src.rpm MD5 Sum: ac34faa24fb2d09c8b6cc870909c594f Binary Packages: i386/glibc-2.1.3-1.0.3.i386.rpm MD5 Sum: 3493eaa74736bd0a5e22027280168f5e All i686 users should be using the above i386 RPM. REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY Special thanks go to: Solar Designer <solar@openwall.com> glibc's official web site: http://www.gnu.org/software/glibc/ SecurityFocus Bug ID: http://www.securityfocus.com/bid/2223 - -------------------------------------------------------------------------- $Id: 2001.05.08-glibc,v 1.1 2001/05/08 16:06:37 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple, <ryan@guardiandigital.com> Copyright 2001, Guardian Digital, Inc.