The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems where at least one of them allows any local user to gain root access to the system.
|
|
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: shlibs (glibc-2.0, glibc-2.1)
Date: Wednesday, September 6th, 2000 12:30 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 9
SuSE default package: yes
Other affected systems: all glibc based linux systems, other
Un*x systems
Content of this advisory:
1) security vulnerability resolved: shlibs (glibc)
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, temporary workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The glibc implementations in all SuSE distributions starting with
SuSE-6.0 have multiple security problems where at least one of them
allows any local user to gain root access to the system.
a) ld-linux.so.2, the runtime linker, is supposed to clean environment
variables that may influence the execution of programs ran by a
suid program. Variables of that kind include LD_LIBRARY_PATH and
LD_PRELOAD. These variables do not have any effect on the suid
application itself since the linker ignores them. However, if the
suid program executes another non-suid application without dropping
privileges and without cleaning the environment, the LD_* variables
would allow an attacker to execute arbitrary code as the effective
uid of the calling suid program. There is currently no program in the
SuSE distribution known to be susceptible to this problem.
b) locale handling portions of the glibc code fails to properly check
given environment settings such as the variable LANGUAGE. This could
lead to arbitrary code being executed as root, depending on the
permissions and ownerships of the program being used for the exploit.
c) A bug in the mutex handling code in the shlibs version for SuSE-7.0
could cause multithreaded applications to hang or crash. This has also
been fixed.
There is only one way to temporarily circumvent the exploit: Disable
all suid applications in the system.
SuSE provides a updated packages for the vulnerable libraries. It is
strongly recommended to upgrade to the latest version found on our
ftp server as described below. The update packages remove all currently
known security problems in the glibc package.
Download the update packages as described below and install the
package with the command `rpm -Fhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
SPECIAL INSTALL INSTRUCTIONS:
Note that the complete update consists of three (3) binary rpm
packages and one source rpm package per distribution and platform.
libc-*.rpm contains the static libraries, libd is the package for
the profiling+debugging version of the libraries.
If at all possible, keep your machine calm while you perform the
update. Execute the following commands after the rpm update has been
applied:
/sbin/ldconfig # alternatively, use SuSEconfig
/sbin/init u # will restart init to make a clean shutdown
# possible once needed.
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/shlibs-2.1.3-154.i386.rpm
753176172ebf628c6567c70a9b950933
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libc-2.1.3-154.i386.rpm
0f0696fc359cdb7b13f40a52d6676f09
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d2/libd-2.1.3-154.i386.rpm
4ca3268f91a9294313cf871e9f7cb8b8
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/libc-2.1.3-154.src.rpm
a6af3232fe6d474d6309c68469c126ec
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/shlibs-2.1.3-154.i386.rpm
150dcb3854b066c021c396b4a0fe25e6
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libc-2.1.3-154.i386.rpm
75c9aef75d6e7e4b196c21bb500d00e0
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d2/libd-2.1.3-154.i386.rpm
47fff508b0b67a82356361aa23c8beae
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/libc-2.1.3-154.src.rpm
bfeaa4e15ecbe1fea986b710152b5fec
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/shlibs-2.1.2-47.i386.rpm
8e88f237414a4d8f96131b17267b4d53
ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/libc-2.1.2-47.i386.rpm
575bb0c94474add7ae02333cbb77cba0
ftp://ftp.suse.com/pub/suse/i386/update/6.3/d2/libd-2.1.2-47.i386.rpm
8728db143b6393a261aa9060d9321345
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/libc-2.1.2-47.src.rpm
eea1810dceafe5e7f77b4b5137829834
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/shlibs-2.1.1-29.i386.rpm
78360eddc58f3897a14327d2fa214191
ftp://ftp.suse.com/pub/suse/i386/update/6.2/d1/libc-2.1.1-29.i386.rpm
456cad1d8034d40ebbf8337d1308c4de
ftp://ftp.suse.com/pub/suse/i386/update/6.2/d2/libd-2.1.1-29.i386.rpm
6dccdf557c6d329b40238a1644368564
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/libc-2.1.1-29.src.rpm
cec489c212826cb2dcc65a602da61da3
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/a1/shlibs-2000.9.5-0.i386.rpm
7a272e7f15fd2dec69401d4c788de015
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/libc-2000.9.5-0.i386.rpm
c748944bbe8a55f69478e6ef0bda843a
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d2/libd-2000.9.5-0.i386.rpm
7fce2e2e41b62dc985e48ee31f6dac1c
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/libc-2000.9.5-0.src.rpm
77fa60f5a3a10e02460bd1960b1f78f6
Please use the packages from the SuSE-6.1 directory for SuSE-6.0!
Sparc Platform:
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/shlibs-2.1.3-154.sparc.rpm
1563171d7ee17a3048500afd4424927d
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libc-2.1.3-154.sparc.rpm
a907fbb3e5e48664cadb6b75570e15b2
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d2/libd-2.1.3-154.sparc.rpm
f60071e3a497e3af48078338b3bd6610
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/libc-2.1.3-154.src.rpm
690a34f9ddb6bd6edf41a07d5fba0ad4
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/shlibs-2.1.3-154.alpha.rpm
d08a782d1dc1cc406b2141727295befe
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libc-2.1.3-154.alpha.rpm
730c9b3c98f9d243c09ce41c5c4240a5
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d2/libd-2.1.3-154.alpha.rpm
0c2ba3d11a42d84f48b1ee79a15e36b2
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/libc-2.1.3-154.src.rpm
a5f2a207c6f8b179bbd91cea9c96711d
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/shlibs-2.1.2-47.alpha.rpm
afc0ac7f3db066702fbd19bfaa216751
ftp://ftp.suse.com/pub/suse/axp/update/6.3/d1/libc-2.1.2-47.alpha.rpm
3530ef711231a5b378d14fe70e2971f6
ftp://ftp.suse.com/pub/suse/axp/update/6.3/d2/libd-2.1.2-47.alpha.rpm
5836a7a1557046b0c3498b7dec1ee436
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/libc-2.1.2-47.src.rpm
0100769ad09d68563a7540ba73c826d7
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/shlibs-2000.9.5-0.alpha.rpm
64c59dcb13069293694faf845446463e
ftp://ftp.suse.com/pub/suse/axp/update/6.1/d1/libc-2000.9.5-0.alpha.rpm
2b8df961dcfb42933cdf298f9229cffd
ftp://ftp.suse.com/pub/suse/axp/update/6.1/d2/libd-2000.9.5-0.alpha.rpm
75dd4bcfb0bf2cc64fe8dd5bfc4a69f0
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/libc-2000.9.5-0.src.rpm
11871baa8279f8c0c79f6c9d95ca531c
PPC Power PC Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/shlibs-2.1.3-154.ppc.rpm
8565cd463e4fbbccc39aa96f1eefdc70
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/d1/libc-2.1.3-154.ppc.rpm
987ed3d338fb7c42083cf6dd2057ce0b
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/d2/libd-2.1.3-154.ppc.rpm
a212f188cf31d55c2016236d2c313cf4
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/libc-2.1.3-154.src.rpm
401b4f2f306a065fb04edd89cd153364
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
This section addresses currently known vulnerabilities in Linux/Unix
systems that have not been resolved yet as of the release date of
this advisory.
- screen
local root compromise. Update+advisory follows this advisory.
- zope
SuSE distributions before 7.0 do not contain zope as a package.
An updated package for the freshly released SuSE-7.0 is on the way.
- xchat
A fix for the URL handler vulnerabilty is in progress and will
be released within a few days. There is currently no effective
and easy workaround other than removing the package by hand
(`rpm -e xchat'). More information on xchat can be found in
xchat's documentation directory /usr/doc/packages/xchat or
/usr/share/doc/packages/xchat for SuSE-7.0.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.
===============================================
SuSE's security contact is <security@suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht@suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security@suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBObYa53ey5gA9JdPZAQHOcwf/Xwz2AsyelEXHA9KA+9/b5ZpEPu0hnySF
KjADn6wLGDGdUBb70IszsIWbxg5XUXkQ4rjmHgE2IXmZG+euD+KW7Y9QPNTGpt5/
JD9lQAaqlqSOFr6/CuD44ZaU/hUGELeMIyG0YDCG27zQwWGigjJwdeyuDeqif0+M
MGDnBqW+GS/LXaLd7Yb4QIocFDKzYFHqGPbYIP3vEAkTpT/gBV6C51E7NBDE8Bwm
3k8PvrHIoq/ovlUEqMbeEETskjMuGQfkUPHfVDV0um96RpsdKEHQIBdCfeMBTe5P
ZL/aLeMwDdN6kKNAeouKDszWz453uXuWo0h8cZCJG2/Z1bNtoEi9Aw==
=iM4f
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.0
: Mon Jun 04 2001 - 18:25:15 PDT
|