[LWN Logo]
[Timeline]
Date:         Wed, 24 Jan 2001 13:04:50 -0700
From: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
Subject:      Security update: CSSA-2001-007.0 glibc security problems
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		glibc security problems
Advisory number: 	CSSA-2001-007.0
Issue date: 		2001 January, 23
Cross reference:
______________________________________________________________________________


1. Problem Description

   The ELF shared library loader that is part of glibc supports
   the LD_PRELOAD environment variable that lets a user request
   that additional shared libraries should be loaded when starting
   a program. Normally, this feature should be disabled for setuid
   applications because of its security implications.

   However, the loader from glibc 2.1.1 and 2.1.3 will honor this
   variable even in setuid applications as long as it doesn't contain
   a slash. As a result, a user can ask that arbitrary libraries from
   ``system'' directories can be loaded (i.e. from those directories
   listed in /etc/ld.so.conf).

   This is a serious security problem and can be exploited to
   overwrite arbitrary files on the system, for instance.


2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux 2.3		All packages previous to
   				glibc-2.1.3-6OL

   OpenLinux eServer 2.3.1      All packages previous to
   and OpenLinux eBuilder  	glibc-2.1.3-6S

   OpenLinux eDesktop 2.4       All packages previous to
   				glibc-2.1.3-6

3. Solution

   Workaround

     none

   The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

   9dc46298c12e4ce5878c449477c8eaaf  RPMS/glibc-2.1.3-6OL.i386.rpm
   314e8df8a22a8a91ebcec87458256631  RPMS/glibc-devel-2.1.3-6OL.i386.rpm
   1abc6e241431080fd8518537c2bfe05c  RPMS/glibc-devel-static-2.1.3-6OL.i386.rpm
   0417ac3f91cdb70844cdcfccfa002df2  RPMS/glibc-localedata-2.1.3-6OL.i386.rpm
   a20d073239a2954eae0e309b904ddf8b  SRPMS/glibc-2.1.3-6OL.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fhv glibc-*i386.rpm

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

   d39b9c6ac5ac1df9e80697378523c5f6  RPMS/glibc-2.1.3-6S.i386.rpm
   e7b5b186cf417d85019cdc8ae4ecd5b7  RPMS/glibc-devel-2.1.3-6S.i386.rpm
   a27c78c47fa17828371af34acafc3116  RPMS/glibc-devel-static-2.1.3-6S.i386.rpm
   02119c37b969a3542902d71c6928509d  RPMS/glibc-localedata-2.1.3-6S.i386.rpm
   b73f5ccb9f77285ee015f04b03d3aeed  SRPMS/glibc-2.1.3-6S.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh glibc-*i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

   a858ce863ee8dccaadb68e5be00a9d20  RPMS/glibc-2.1.3-6.i386.rpm
   e92757ff035c8d951667f10b710fa176  RPMS/glibc-devel-2.1.3-6.i386.rpm
   deb77710633dfc7adc464eef059c7b09  RPMS/glibc-devel-static-2.1.3-6.i386.rpm
   2595931b57b6d7023cfdf8216eb33deb  RPMS/glibc-localedata-2.1.3-6.i386.rpm
   050f35604750f406d952bca68ceb128e  SRPMS/glibc-2.1.3-6.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

          rpm -Fvh glibc-*i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 8730.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.


9. Acknowledgements

   Caldera Systems, Inc. wishes to thank the people at Wirex, and Solar
   Designer, for their input.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6bs4e18sy83A/qfwRAoacAJ4pg2iCCcYSt7hbAFwaGVk2tP+aWwCgrlqy
y7F+KtaXFtG1+DCMtJlpf44=
=WrNu
-----END PGP SIGNATURE-----