1. Topic:
A bug in GNU C Library allows unprivileged user to preload libraries
located in /lib or /usr/lib directories into SUID programs even if those
libraries have not been marked as such by system administrator.
2. Problem description:
LD_PRELOAD variable is honoured normally even for SUID/SGID applications
(but removed afterwards from environment) if it does not contain `/'
characters, but there is a special check which only preloads found
libraries if they have the SUID bit set. However, if a library has been
found
in /etc/ld.so.cache, this check was not performed. As a result, a
malicious user
could preload some /lib or /usr/lib library before SUID/SGID application
and create or overwrite a file he did not have permissions to.
Also, LD_PROFILE output from SUID programs would go into /var/tmp,
making it vulnerable to various link attacks.
3. Bug IDs fixed: (see bugzilla for more information)
20832 - Unknown system type Nautilus
4. Relevant releases/architectures:
Red Hat Linux 6.0 - alpha, i386, sparc, sparcv9
Red Hat Linux 6.1 - alpha, i386, sparc, sparcv9
Red Hat Linux 6.2 - alpha, i386, sparc, sparcv9
5. RPMs required:
Red Hat Linux 6.0:
SRPMS:
ftp://updates.redhat.com/6.0/en/os/SRPMS/glibc-2.1.3-22.src.rpm
ftp://updates.redhat.com/6.0/en/os/SRPMS/glibc-2.1.3-22.src.rpm
ftp://updates.redhat.com/6.0/en/os/SRPMS/glibc-2.1.3-22.src.rpm
alpha:
ftp://updates.redhat.com/6.0/en/os/alpha/glibc-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.0/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.0/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.0/en/os/alpha/nscd-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.0/en/os/alpha/nscd-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.0/en/os/alpha/nscd-2.1.3-22.alpha.rpm
i386:
ftp://updates.redhat.com/6.0/en/os/i386/glibc-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.0/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.0/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.0/en/os/i386/nscd-2.1.3-22.i386.rpm
sparc:
ftp://updates.redhat.com/6.0/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.0/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.0/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.0/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.0/en/os/sparc/nscd-2.1.3-22.sparc.rpm
sparcv9:
ftp://updates.redhat.com/6.0/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
Red Hat Linux 6.1:
SRPMS:
ftp://updates.redhat.com/6.1/en/os/SRPMS/glibc-2.1.3-22.src.rpm
alpha:
ftp://updates.redhat.com/6.1/en/os/alpha/glibc-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.1/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.1/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.1/en/os/alpha/nscd-2.1.3-22.alpha.rpm
i386:
ftp://updates.redhat.com/6.1/en/os/i386/glibc-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.1/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.1/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.1/en/os/i386/nscd-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.1/en/os/i386/nscd-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.1/en/os/i386/nscd-2.1.3-22.i386.rpm
sparc:
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.1/en/os/sparc/nscd-2.1.3-22.sparc.rpm
sparcv9:
ftp://updates.redhat.com/6.1/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/glibc-2.1.3-22.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/nscd-2.1.3-22.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/glibc-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-22.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-22.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/nscd-2.1.3-22.sparc.rpm
sparcv9:
ftp://updates.redhat.com/6.2/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
6. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
7. Verification:
MD5 sum Package Name
-------------------------------------------------------------------------
ef78f44366467486a0dac8794bc17ab9 6.2/en/os/SRPMS/glibc-2.1.3-22.src.rpm
b860e2f939f4e6517f4672361d746b38 6.2/en/os/i386/nscd-2.1.3-22.i386.rpm
e9b9b581fa4eda1a9aa2a5de8b267889 6.2/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
2a779a3f6c3b87059cf40686f55dc2f6 6.2/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
b841df797bf42585476f30b1ba489e30 6.2/en/os/i386/glibc-2.1.3-22.i386.rpm
e768b72385324280d62b271895261021 6.2/en/os/alpha/nscd-2.1.3-22.alpha.rpm
57040728348767ef4475ab82091a3db0 6.2/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
e5a7cf85e50c599a51e7b9ee7d1bc78d 6.2/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
c1edf134c6d5790ce74d7c4272ec8687 6.2/en/os/alpha/glibc-2.1.3-22.alpha.rpm
1de8f29192f62e1cc33f76d920e20a1a 6.2/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
966d69ca5182a97315e1f7bf5a5b7c30 6.2/en/os/sparc/nscd-2.1.3-22.sparc.rpm
a611d30013f4f98576aebb58b906c6db 6.2/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
a305bcbf7e6f273c0c9759b622b04509 6.2/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
74ae10e642a463b053ef531048410330 6.2/en/os/sparc/glibc-2.1.3-22.sparc.rpm
ef78f44366467486a0dac8794bc17ab9 6.1/en/os/SRPMS/glibc-2.1.3-22.src.rpm
e768b72385324280d62b271895261021 6.1/en/os/alpha/nscd-2.1.3-22.alpha.rpm
57040728348767ef4475ab82091a3db0 6.1/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
e5a7cf85e50c599a51e7b9ee7d1bc78d 6.1/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
c1edf134c6d5790ce74d7c4272ec8687 6.1/en/os/alpha/glibc-2.1.3-22.alpha.rpm
1de8f29192f62e1cc33f76d920e20a1a 6.1/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
966d69ca5182a97315e1f7bf5a5b7c30 6.1/en/os/sparc/nscd-2.1.3-22.sparc.rpm
a611d30013f4f98576aebb58b906c6db 6.1/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
a305bcbf7e6f273c0c9759b622b04509 6.1/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
74ae10e642a463b053ef531048410330 6.1/en/os/sparc/glibc-2.1.3-22.sparc.rpm
b860e2f939f4e6517f4672361d746b38 6.1/en/os/i386/nscd-2.1.3-22.i386.rpm
e9b9b581fa4eda1a9aa2a5de8b267889 6.1/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
2a779a3f6c3b87059cf40686f55dc2f6 6.1/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
b841df797bf42585476f30b1ba489e30 6.1/en/os/i386/glibc-2.1.3-22.i386.rpm
ef78f44366467486a0dac8794bc17ab9 6.0/en/os/SRPMS/glibc-2.1.3-22.src.rpm
1de8f29192f62e1cc33f76d920e20a1a 6.0/en/os/sparcv9/glibc-2.1.3-22.sparcv9.rpm
966d69ca5182a97315e1f7bf5a5b7c30 6.0/en/os/sparc/nscd-2.1.3-22.sparc.rpm
a611d30013f4f98576aebb58b906c6db 6.0/en/os/sparc/glibc-profile-2.1.3-22.sparc.rpm
a305bcbf7e6f273c0c9759b622b04509 6.0/en/os/sparc/glibc-devel-2.1.3-22.sparc.rpm
74ae10e642a463b053ef531048410330 6.0/en/os/sparc/glibc-2.1.3-22.sparc.rpm
b860e2f939f4e6517f4672361d746b38 6.0/en/os/i386/nscd-2.1.3-22.i386.rpm
e9b9b581fa4eda1a9aa2a5de8b267889 6.0/en/os/i386/glibc-profile-2.1.3-22.i386.rpm
2a779a3f6c3b87059cf40686f55dc2f6 6.0/en/os/i386/glibc-devel-2.1.3-22.i386.rpm
b841df797bf42585476f30b1ba489e30 6.0/en/os/i386/glibc-2.1.3-22.i386.rpm
e768b72385324280d62b271895261021 6.0/en/os/alpha/nscd-2.1.3-22.alpha.rpm
57040728348767ef4475ab82091a3db0 6.0/en/os/alpha/glibc-profile-2.1.3-22.alpha.rpm
e5a7cf85e50c599a51e7b9ee7d1bc78d 6.0/en/os/alpha/glibc-devel-2.1.3-22.alpha.rpm
c1edf134c6d5790ce74d7c4272ec8687 6.0/en/os/alpha/glibc-2.1.3-22.alpha.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/about/contact.html
You can verify each package with the following command: rpm --checksig filename
If you only wish to verify that each package has not been corrupted or tampered with,
examine only the md5sum with the following command: rpm --checksig --nogpg filename
Note that you need RPM >= 3.0 to check GnuPG keys.
8. References:
Copyright © 2000-2002 Red Hat, Inc. |
|
