On Mon, Jul 14, 2003 at 10:46:17AM +0200, Caspar Bothmer wrote: > Package: glibc > Version: different versions > Distribution: Debian woody, sid, other Non-Debian (SuSE,RH, Gentoo) > Unaffected: Debian potato (at least my installation) > Vulnerable: yes, local, privilege escalation
But is it actually exploitable or do you just see the error message? Glibc will generally resolve the path, and then decide whether it is in a trusted directory or not. For instance, all LD_PRELOAD items with a '/' in them are ignored and only trusted directories are searched. > Reproducible: always > > Behaviour: LD_PRELOAD gets evaluated: > [EMAIL PROTECTED]:~$ LD_PRELOAD=funny /bin/su > /bin/su: error while loading shared libraries: funny: cannot open shared > object file: No such file or directory > [EMAIL PROTECTED]:~$ > > Should be: no evaluation: > [EMAIL PROTECTED]:~$ LD_PRELOAD=funny /bin/su > Password: > > Known problem: reported in 1998, also fix in DSA-039-1, Mar 8, 2001 > > Reported to me by: Sascha Silbe > Initial Bugreport by Sascha Silbe: > http://bugs.gentoo.org/show_bug.cgi?id=24332 > > > Please fix this bug. > > > bye > > caspar -- Daniel Jacobowitz MontaVista Software Debian GNU/Linux Developer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
