EGI CSIRT:Alerts/glibc-2011-04-12
Jump to navigation
Jump to search
** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** EGI CSIRT ADVISORY [EGI-ADV-20110412] Title: HIGH risk glibc vulnerability - privilege escalation (CVE-2011-0536) [EGI-ADV-20110412] Date: April 12, 2011 Last update: April 12, 2011 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/glibc-2011-04-12 * Introduction A flaw has been found in the dynamic linker component of the GNU C library. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program which is dynamically linked to a library with certain properties. This vulnerability affects both RH5 and RH6 and their variants. EGI CSIRT considers this to be a HIGH vulnerability for now and might raise it to CRITICAL if a working exploit is made public Details ======= The fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536) RH security team confirmed that reporter (of this vulnerability) indicated an intention to make exploit public after waiting some time to give users and downstream distros an opportunity to pick up the fix. Mitigation ========== The only known mitigation is to apply the security patch from the software vendor. Recommendations =============== It is STRONGLY recommanded to immediately apply vendor patches when they become available. Vendor patches are now available from * Ubuntu * Debian * RHEL5/6 * SL5/6 To be released: * CentOS5/6 References ========== RedHat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0536 RHEL5 update: https://rhn.redhat.com/errata/RHSA-2011-0412.html RHEL6 update: https://rhn.redhat.com/errata/RHSA-2011-0413.html SL5/6 update: http://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata&T=0&P=583 SLC5 update: http://linux.web.cern.ch/linux/updates/updates-slc5.shtml SLC6 update: http://linux.web.cern.ch/linux/updates/updates-slc6.shtml Debian update: http://lists.debian.org/debian-security-announce/2011/msg00005.html Ubuntu update: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001226.html