[Bug 648020] New: CVE-2010-3847 reported potentially allowing local privilege escalation
https://bugzilla.novell.com/show_bug.cgi?id=648020 https://bugzilla.novell.com/show_bug.cgi?id=648020#c0 Summary: CVE-2010-3847 reported potentially allowing local privilege escalation Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: Other OS/Version: Other Status: NEW Keywords: security_vulnerability Severity: Critical Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: aburgemeister@novell.com QAContact: qa@suse.de CC: jshort@novell.com Found By: Security Response Team Services Priority: 40 Blocker: --- +++ This bug was initially created as a clone of Bug #648017 +++ [Cloned for OpenSUSE] OpenSUSE 11.x glibc-2.11.2-3.1.1.x86_64 A vulnerability in the C libraries has been reported. Links and the full contents are included below for convenience: http://seclists.org/fulldisclosure/2010/Oct/257 https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/liblinker-2010-10-18 <quote> Introduction ============ Earlier today, Tavis Ormandy released information about a vulnerability in GNU libc, complete with an exploit that on many systems can give any local user root privileges. (For full details, see the link below.) This vulnerability has been labelled CVE-2010-3847, and is present on many Linux distributions, including RHEL/CentOS/SL 5 (but *not* RHEL 3 and 4 and their derivatives). Vendor patches are not yet available. Details ======= As far as is known, the vulnerability can only be exploited if users can write to a file system that contains binaries with suid root permissions. (Since it is necessary for the attacker to create a hard link to a suid root binary.) This is, for instance, the case if /bin is located on the same filesystem as /tmp (or any other user writable location, like /var/tmp, /home, /var/lib/texmf, and so on). This is unfortunately a common configuration. Mitigation ========== To make it impossible to make the required hard link, directories containing suid/sgid binaries can be made to appear to as separate file systems by doing mount -o bind /sbin /sbin for each such directory. Please note that these commands must be re-run whenever the system is rebooted, for example by adding them to a suitable init script. A baseline list of directories with suid/sgid binaries on a typical RHEL 5 system is: /bin /sbin /usr/bin /usr/libexec /usr/lpp /usr/sbin You should check for any additional site specific locations using a command like find / -type f \( -perm /u+s -o -perm /g+s \) that will list all files with suid/sgid permissions. </quote> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c
wei wang
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c1
--- Comment #1 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c2
--- Comment #2 from Petr Baudis
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c3
--- Comment #3 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c4
--- Comment #4 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=648020
https://bugzilla.novell.com/show_bug.cgi?id=648020#c5
Petr Baudis
participants (1)
-
bugzilla_noreply@novell.com