Debian Bug report logs - #399508
libflash-mozplugin has rpath to insecure location (/build/buildd/libflash-0.4.13/lib/.libs)


Package: libflash-mozplugin; Maintainer for libflash-mozplugin is (unknown);

Reported by: Bill Allombert <ballombe@debian.org>

Date: Mon, 20 Nov 2006 09:33:12 UTC

Severity: important

Tags: security

Found in version libflash/0.4.13-8

Fixed in version 0.4.13-9

Done: Andrew Vaughan <ajv-lists@netspace.net.au>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Nobuhiro Iwamatsu <hemamu@t-base.ne.jp>:
Bug#399508; Package libflash-mozplugin. Full text and rfc822 format available.

Acknowledgement sent to Bill Allombert <ballombe@debian.org>:
New Bug report received and forwarded. Copy sent to Nobuhiro Iwamatsu <hemamu@t-base.ne.jp>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bill Allombert <ballombe@debian.org>
To: submit@bugs.debian.org
Subject: libflash-mozplugin has rpath to insecure location (/build/buildd/libflash-0.4.13/lib/.libs)
Date: Mon, 20 Nov 2006 10:29:41 +0100
Package: libflash-mozplugin
Version: 0.4.13-8
Severity: serious
Tags: security

Hello Nobuhiro,

On arm and ia64 at least, libflash-mozplugin includes a binary with an
rpath pointing to /build/buildd/libflash-0.4.13/lib/.libs

%chrpath /usr/lib/mozilla/plugins/libflash-mozplugin.so
/usr/lib/mozilla/plugins/libflash-mozplugin.so: RPATH=/build/buildd/libflash-0.4.13/lib/.libs

This allows an attacker with write access to that directory to add
modified libraries which will be loaded when someone else runs
libflash-mozplugin.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large blue swirl here. 
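The check below is an added example, not part of the bug log, the libflash package or Debian's tooling. It automates what the reporter did by hand with chrpath: it pulls every RPATH/RUNPATH entry out of an ELF file with `readelf -d` (assumed to be installed from binutils) and classifies each colon-separated element, flagging anything that is not under a root-owned system library directory (the allowlist of /lib, /lib64, /usr/lib and /usr/lib64 is this example's own choice), anything relative, anything containing `..`, and empty elements, which the dynamic linker resolves against the current working directory. The build-tree path from this report is used as constructed sample input.

```shell
#!/bin/sh
# Added example (not from the Debian bug log): audit ELF objects for an
# RPATH/RUNPATH entry that points outside the system library directories,
# the class of defect reported against libflash-mozplugin.
# rpath_is_insecure works on plain strings; check_elf_rpath assumes the
# `readelf` tool from binutils is installed.

# rpath_is_insecure LIST
#   LIST is the colon-separated RPATH/RUNPATH value as printed by chrpath or
#   `readelf -d`. Prints the first suspect element with a reason and returns
#   0 (true) when someone other than root could control a search directory,
#   1 (false) when every element is a system library directory.
rpath_is_insecure() {
    _list=$1

    # An empty list, or an empty element (leading, trailing or doubled
    # colon), makes ld.so search the current working directory.
    case "$_list" in
        ""|:*|*:|*::*)
            printf '%s\n' "empty search-path element (resolves to the cwd)"
            return 0 ;;
    esac

    _saved_ifs=$IFS
    set -f                   # no pathname expansion while splitting
    IFS=:
    set -- $_list            # split on ':' only; elements may contain spaces
    IFS=$_saved_ifs
    set +f

    for _entry in "$@"; do
        case "$_entry" in
            */../*|*/..)
                printf '%s\n' "$_entry: contains '..', escapes its prefix"
                return 0 ;;
            /lib|/lib/*|/lib64|/lib64/*|/usr/lib|/usr/lib/*|/usr/lib64|/usr/lib64/*)
                ;;           # root-owned system library directory, fine
            /*)
                # e.g. /build/buildd/libflash-0.4.13/lib/.libs, /tmp/..., /home/...
                printf '%s\n' "$_entry: absolute path outside the system library directories"
                return 0 ;;
            *)
                # Relative elements are resolved against the cwd; this also
                # catches $ORIGIN, which needs a separate manual review.
                printf '%s\n' "$_entry: relative search-path element"
                return 0 ;;
        esac
    done
    return 1
}

# check_elf_rpath FILE
#   Extracts every RPATH and RUNPATH entry from FILE with readelf and runs
#   the classifier over each. Returns 0 if FILE is clean, 1 otherwise.
check_elf_rpath() {
    _file=$1
    _status=0
    # readelf -d prints lines such as:
    #  0x0000000f (RPATH)   Library rpath: [/build/buildd/libflash-0.4.13/lib/.libs]
    readelf -d "$_file" 2>/dev/null \
      | sed -n 's/.*(R[A-Z]*PATH).*\[\(.*\)\]$/\1/p' \
      | while IFS= read -r _rp; do
            if rpath_is_insecure "$_rp"; then
                printf '%s\n' "$_file: RPATH=$_rp is insecure"
                exit 1       # leaves the pipeline's subshell with status 1
            fi
        done || _status=1
    return $_status
}

# Stand-alone use: sh rpath-audit.sh /usr/lib/mozilla/plugins/*.so
# Exit status is non-zero if any file carries an insecure search path.
if [ "$#" -gt 0 ]; then
    _rc=0
    for _f in "$@"; do
        check_elf_rpath "$_f" || _rc=1
    done
    exit $_rc
fi
```

Running it over a freshly built package's installed objects in debian/rules is the point at which the reporter's finding would have been caught before upload. The remedy the maintainer later shipped (adding chrpath to Build-Depends) corresponds to `chrpath -d FILE`, which deletes the RPATH entry from the built object; the tighter fix is to keep the build tree's lib/.libs out of the link line in the first place so there is nothing to strip.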



Severity set to `important' from `serious' Request was from Andreas Barth <aba@not.so.argh.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Andrew Vaughan <ajv-lists@netspace.net.au>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bill Allombert <ballombe@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 399508-done@bugs.debian.org (full text, mbox):

From: Andrew Vaughan <ajv-lists@netspace.net.au>
To: 399508-done@bugs.debian.org
Subject: 399508 fixed in libflash 0.4.13-9
Date: Sun, 18 Mar 2007 16:33:16 +1100
Version: 0.4.13-9

Nobuhiro Iwamatsu fixed this in 0.4.13-9.

Unfortunately he typo-ed the Closes line.

libflash (0.4.13-9) unstable; urgency=low 
   * Fix rpath to insecure location (arm/ia64).(Closes :#399508)
   * Add chrpath package to Build-Depends.

 -- Nobuhiro Iwamatsu <hemamu@t-base.ne.jp>  Thu, 30 Nov 2006 21:14:25 +0900 

Andrew V.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 13:03:42 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:49:42 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.