Bug 62770 (CVE-2004-0968)

Summary: VUL-0: CVE-2004-0968: glibc: tmp races
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED WORKSFORME
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P3 - Medium
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0968: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: glibc-catchsegv.diff

Description Thomas Biege 2004-10-29 14:56:18 UTC
Hi, 
there are tmp race bugs in "catchsegv" and "glibcbug". 
 
STABLE-only fix is sufficient.
Comment 1 Thomas Biege 2004-10-29 14:56:19 UTC
From: 		Martin Pitt <martin.pitt@canonical.com> 
To: 		ubuntu-security-announce@lists.ubuntu.com 
Cc: 		full-disclosure@lists.netsys.com, bugtraq@securityfocus.com 
Subject: 	[USN-4-1] Standard C library script vulnerabilities 
Date: 		Thu, 28 Oct 2004 08:06:43 +0200	 
=========================================================== 
Ubuntu Security Notice USN-4-1             October 27, 2004 
Standard C library script vulnerabilities 
CAN-2004-0968 
=========================================================== 
 
A security issue affects the following Ubuntu releases: 
 
Ubuntu 4.10 (Warty Warthog) 
 
The following packages are affected: 
 
libc6 
 
The problem can be corrected by upgrading the affected package to 
version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade 
is sufficient to effect the necessary changes. 
 
Details follow: 
 
Recently, Trustix Secure Linux discovered some vulnerabilities in the 
libc6 package. The utilities "catchsegv" and "glibcbug" created 
temporary files in an insecure way, which allowed a symlink attack to 
create or overwrite arbitrary files with the privileges of the user 
invoking the program. 
 
Comment 2 Thorsten Kukuk 2004-11-01 04:03:33 UTC
This should go upstream. I really hate it that, for a very long 
time, everybody thinks that he needs to fix and release security fixes 
for glibc without informing or discussing this with the glibc maintainers 
at all. 
 
glibcbug: We don't have this. 
 
catchsegv: Only cosmetic 
Comment 3 Thomas Biege 2004-11-02 16:21:43 UTC
Reopened by thomas@suse.de at Tue Nov  2 09:21:43 2004
Comment 4 Thomas Biege 2004-11-02 16:21:44 UTC
Spiral:~ # which glibcbug 
/usr/bin/glibcbug 
Spiral:~ # cat /etc/SuSE-release 
SuSE Linux 9.0 (i586) 
VERSION = 9.0 
Spiral:~ # rpm -qf /usr/bin/glibcbug 
glibc-2.3.2-88 
Spiral:~ # 
 
 
Why is the fix for catchsegv only cosmetic? 
Comment 5 Thorsten Kukuk 2004-11-02 17:40:01 UTC
9.1/9.2/STABLE: 
 
kukuk@firun:~> which glibcbug 
kukuk@firun:~>  
 
 
Why is the fix for catchsegv not cosmetic? 
 
For security bugs, I expect a little bit more 
than only cryptic security announcements without fix (but links to thousands 
of uninteresting deb packages) for tools we haven't had for a year in the 
distributions for which it should be fixed. 
 
 
Comment 7 Thomas Biege 2004-11-02 20:11:20 UTC
Reopened by thomas@suse.de at Tue Nov  2 13:11:20 2004
Comment 8 Thomas Biege 2004-11-02 20:11:20 UTC
+  * added patch catchsegv-insecure-temp: use mktemp instead of $$ 
construction 
+    to get temporary file 
+    References: 
+    - CAN-2004-0968 
+    - http://bugs.debian.org/278278 
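
Review bot: the first added line says only "use mktemp instead of $$ construction" and leaves the failure path unstated; the entry should also record that the script exits when mktemp fails and removes the temporary file on exit, since falling back to a predictable name would reintroduce the race. The "construction" continuation line has also lost its "+" prefix to line wrapping and should be rejoined with the line above before the entry is applied.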
 
I'll attach the patch. 
 
This bug has severity minor and should be fixed for STABLE only, it is not 
cosmetic. 
 
Please stop closing this bug. 
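
The `$$`-versus-mktemp change named in the changelog entry above, as an added example; it is not the attached glibc-catchsegv.diff and not glibc code. The file name `crashlog` and the function names are hypothetical, and everything runs inside a private scratch directory.

```shell
#!/bin/sh
# Added example with constructed names; not taken from catchsegv itself.

# Unsafe: a PID-based name is predictable, and '>' follows an existing symlink.
write_unsafe() {    # $1 = directory, $2 = data
    tmp="$1/crashlog.$$"
    printf '%s\n' "$2" > "$tmp"
}

# Hardened: mktemp creates the file itself (O_EXCL, mode 0600) under a
# random name; if it fails, stop instead of falling back to a fixed name.
write_safe() {      # $1 = directory, $2 = data
    tmp=$(mktemp "$1/crashlog.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Place a symlink at the predictable name, run the given writer, and
# print what the symlink target contains afterwards.
target_after() {    # $1 = write_unsafe | write_safe
    scratch=$(mktemp -d) || return 1
    printf 'original\n' > "$scratch/target"
    ln -s "$scratch/target" "$scratch/crashlog.$$"
    "$1" "$scratch" "crash report" || { rm -rf "$scratch"; return 1; }
    cat "$scratch/target"
    rm -rf "$scratch"
}

echo "unsafe writer -> target holds: $(target_after write_unsafe)"
echo "safe writer   -> target holds: $(target_after write_safe)"
```

With the PID-based name the pre-existing symlink's target is overwritten; with mktemp it keeps its original contents.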
 
 
Comment 9 Thomas Biege 2004-11-02 20:12:33 UTC
Created attachment 25691 [details]
glibc-catchsegv.diff
Comment 10 Thorsten Kukuk 2004-11-02 20:43:11 UTC
If this is a security problem, you should first inform the 
upstream maintainers! 
Comment 11 Thomas Biege 2004-11-02 20:55:03 UTC
Reopened by thomas@suse.de at Tue Nov  2 13:55:03 2004
Comment 12 Thomas Biege 2004-11-02 20:55:03 UTC
I'll... 
Comment 13 Thorsten Kukuk 2004-11-02 21:54:43 UTC
What I found out in the meantime: Our catchsegv in stable 
isn't vulnerable, either. 
Comment 14 Thomas Biege 2004-11-03 01:22:51 UTC
Reopened by thomas@suse.de at Tue Nov  2 18:22:51 2004
Comment 15 Thomas Biege 2004-11-03 01:22:51 UTC
glibc-2.3/debug/catchsegv.sh still has the bug. (STABLE source) 
Comment 16 Thorsten Kukuk 2004-11-03 02:06:23 UTC
Not my version. 
Comment 17 Thomas Biege 2009-10-13 19:56:49 UTC
CVE-2004-0968: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)