
Bug#583908: marked as done (CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges)



Your message dated Fri, 4 Jun 2010 20:26:35 +0200
with message-id <20100604182635.GA4584@volta.aurel32.net>
and subject line Re: Bug#583908: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
has caused the Debian Bug report #583908,
regarding CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
583908: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583908
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.7-18lenny2
Severity: grave
Tags: security

Hi,

unfortunately it is not really easy to find proper information about
this issue, especially since the same CVE number is mentioned in a
Samba related bug (#572953). But as it seems it is possible to gain root
access by injecting newlines into a mount entry or through a vulnerable
helper.

The fix mentioned in
http://securitytracker.com/alerts/2010/May/1024043.html
is at least missing in stable, I did not check testing/unstable.
Ubuntu released a USN on the 25th which fixes this bug and two other
CVEs: http://www.ubuntu.com/usn/usn-944-1

Cheers,

Bernd


--
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
                   ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F



--- End Message ---
--- Begin Message ---
Version: eglibc/2.11.1-1

On Mon, May 31, 2010 at 05:27:38PM +0200, Bernd Zeimetz wrote:
> Package: libc6
> Version: 2.7-18lenny2
> Severity: grave
> Tags: security
> 
> Hi,
> 
> unfortunately it is not really easy to find proper information about
> this issue, especially since the same CVE number is mentioned in a
> Samba related bug (#572953). But as it seems it is possible to gain root
> access by injecting newlines into a mount entry or through a vulnerable
> helper.
> 
> The fix mentioned in
> http://securitytracker.com/alerts/2010/May/1024043.html
> is at least missing in stable, I did not check testing/unstable.
> Ubuntu released a USN on the 25th which fixes this bug and two other
> CVEs: http://www.ubuntu.com/usn/usn-944-1
> 

This bug has been fixed in eglibc 2.11.1-1

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net


--- End Message ---
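
Added illustration, not part of the original thread and not glibc's or Debian's code: one way a program that writes mtab-style lines can keep a newline inside a field from starting a second entry is to apply the octal escapes documented in getmntent(3). The function names and the sample mount entry are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Encode one mtab field with the octal escapes from getmntent(3):
 * space \040, tab \011, newline \012, backslash \134.
 * Returns the encoded length, or -1 if dst is too small. */
int encode_mnt_field(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        const char *esc = NULL;
        switch (*src) {
        case ' ':  esc = "\\040"; break;
        case '\t': esc = "\\011"; break;
        case '\n': esc = "\\012"; break;
        case '\\': esc = "\\134"; break;
        }
        size_t need = esc ? 4 : 1;
        if (o + need >= dstlen)          /* keep room for the terminator */
            return -1;
        if (esc) memcpy(dst + o, esc, 4);
        else     dst[o] = *src;
        o += need;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Build one mtab-style line from four fields (hypothetical helper).
 * Returns the number of '\n' in the output (1 when safe), -1 on overflow. */
int format_mnt_line(const char *fsname, const char *dir, const char *type,
                    const char *opts, char *out, size_t outlen)
{
    char f[4][256];
    const char *in[4] = { fsname, dir, type, opts };
    for (int i = 0; i < 4; i++)
        if (encode_mnt_field(in[i], f[i], sizeof f[i]) < 0)
            return -1;
    int n = snprintf(out, outlen, "%s %s %s %s 0 0\n", f[0], f[1], f[2], f[3]);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    int lines = 0;
    for (char *p = out; *p; p++)
        lines += (*p == '\n');
    return lines;
}
```

A caller should treat any return value other than 1 from format_mnt_line as a reason not to write the line.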
