
Bug#1087697: Mkinitramfs causes machines to fail booting when used with LD_LIBRARY_PATH



On Sun, 17 Nov 2024 14:04:54 +0200 Matan Liber <matan@pentera.io> wrote:
> Package: initramfs-tools
> Version: 0.136ubuntu6.7
> 
> vulnerability identified in mkinitramfs that could lead to a Denial of
> Service (DoS) condition on affected systems. Using mkinitramfs with
> the environment variable LD_LIBRARY_PATH causes machines to fail boot
> due to missing libraries in the initramfs images. A full report is
> attached.

This isn't a security vulnerability.  If an attacker can control
LD_LIBRARY_PATH for a user session then they can already cause
arbitrary code to be run as that user.

I may address this as an issue of robustness, but it's not going to
have a high priority.

Ben.

-- 
Ben Hutchings
Any smoothly functioning technology is indistinguishable
from a rigged demo.
