Debian 2.2: DSA-039-1 Moderate: Glibc Local File Overwrite
debian
March 8, 2001
The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems.
Topics Covered
Summary
Package : glibc
Problem type : local file overwrite
Debian-specific: no
The version of GNU libc that was distributed with Debian GNU/Linux 2.2
suffered from 2 security problems:
* It was possible to use LD_PRELOAD to load libraries that are listed in
/etc/ld.so.cache, even for suid programs. This could be used to create
(and overwrite) files which a user should not be allowed to.
* by using LD_PROFILE suid programs would write data to a file
to /var/tmp, which was not done safely. Again, this could be used
to create (and overwrite) files which a user should not have access
to.
Both problems have been fixed in version 2.1.3-17 and we recommend that
you upgrade your glibc packages immediately.
Please note that a side-effect of this upgrade is that ldd will no longer
work on suid programs, unless you logged in as root.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
---------------------------------
...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!