Bug#583908: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#583908: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
From: Bernd Zeimetz <bzed@debian.org>
Date: Mon, 31 May 2010 17:27:38 +0200
Message-id: <[🔎] 20100531152738.18044.6535.reportbug@think.mg.bzed.de>
Reply-to: Bernd Zeimetz <bzed@debian.org>, 583908@bugs.debian.org

Package: libc6
Version: 2.7-18lenny2
Severity: grave
Tags: security

Hi,

unfortunately it is not really easy to find proper information about
this issue, especially since the same CVE number is mentaioned in a
Samba related bug (#572953). But as it seems it is possible to gain root
access by injecting newlines into a mount entry or trough a vulnerable
helper.

The fix mentioned in
http://securitytracker.com/alerts/2010/May/1024043.html
is at least missing in stable, I did not check testing/unstable.
Ubuntu released an USN on the 25th which fixes this bug and two other
CVEs: http://www.ubuntu.com/usn/usn-944-1

Cheers,

Bernd


--
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
                   ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F

Reply to:

Prev by Date: Bug#583858: libc6-i686: many programs segfaults, including ls, login and dpkg
Next by Date: Bug#583577: closed by Aurelien Jarno <aurelien@aurel32.net> (Re: Bug#583577: libc6: pthread_mutex_timedlock can segfault)
Previous by thread: Bug#583858: libc6-i686: many programs segfaults, including ls, login and dpkg
Next by thread: Bug#583911: libc6: syscall() doesn't support 6 args system calls on alpha
Index(es):
- Date
- Thread