Debian Bug report logs - #583908
CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges

version graph

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:eglibc.

Reported by: Bernd Zeimetz <bzed@debian.org>

Date: Mon, 31 May 2010 15:30:05 UTC

Severity: grave

Tags: security

Found in version glibc/2.7-18lenny2

Done: Aurelien Jarno <aurelien@aurel32.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#583908; Package libc6. (Mon, 31 May 2010 15:30:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bernd Zeimetz <bzed@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 31 May 2010 15:30:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bernd Zeimetz <bzed@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
Date: Mon, 31 May 2010 17:27:38 +0200
Package: libc6
Version: 2.7-18lenny2
Severity: grave
Tags: security

Hi,

unfortunately it is not really easy to find proper information about
this issue, especially since the same CVE number is mentaioned in a
Samba related bug (#572953). But as it seems it is possible to gain root
access by injecting newlines into a mount entry or trough a vulnerable
helper.

The fix mentioned in
http://securitytracker.com/alerts/2010/May/1024043.html
is at least missing in stable, I did not check testing/unstable.
Ubuntu released an USN on the 25th which fixes this bug and two other
CVEs: http://www.ubuntu.com/usn/usn-944-1

Cheers,

Bernd


--
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
                   ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F




Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Fri, 04 Jun 2010 16:12:13 GMT) Full text and rfc822 format available.

Reply sent to Aurelien Jarno <aurelien@aurel32.net>:
You have taken responsibility. (Fri, 04 Jun 2010 18:30:06 GMT) Full text and rfc822 format available.

Notification sent to Bernd Zeimetz <bzed@debian.org>:
Bug acknowledged by developer. (Fri, 04 Jun 2010 18:30:06 GMT) Full text and rfc822 format available.

Message #12 received at 583908-done@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Bernd Zeimetz <bzed@debian.org>, 583908-done@bugs.debian.org
Subject: Re: Bug#583908: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
Date: Fri, 4 Jun 2010 20:26:35 +0200
Version: eglibc/2.11.1-1

On Mon, May 31, 2010 at 05:27:38PM +0200, Bernd Zeimetz wrote:
> Package: libc6
> Version: 2.7-18lenny2
> Severity: grave
> Tags: security
> 
> Hi,
> 
> unfortunately it is not really easy to find proper information about
> this issue, especially since the same CVE number is mentaioned in a
> Samba related bug (#572953). But as it seems it is possible to gain root
> access by injecting newlines into a mount entry or trough a vulnerable
> helper.
> 
> The fix mentioned in
> http://securitytracker.com/alerts/2010/May/1024043.html
> is at least missing in stable, I did not check testing/unstable.
> Ubuntu released an USN on the 25th which fixes this bug and two other
> CVEs: http://www.ubuntu.com/usn/usn-944-1
> 

This bug has been fixed in eglibc 2.11.1-1

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Jul 2010 07:30:48 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 07:55:27 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.