Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Ubuntu 8.10: USN-721-1 Critical Fglrx Installer Remote Code Execution

Calendar Feb 17, 2009 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution remote code execution ubuntu fglrx-installer unsafe environment
Marko Lindqvist discovered that the fglrx installer created an unsafeLD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloadingspecially crafted libraries and running commands in the same directory,a remote attacker could execute arbitrary code with user privileges. [More...] 
==========================================================Ubuntu Security Notice USN-721-1          February 17, 2009
fglrx-installer vulnerability
https://bugs.launchpad.net/ubuntu/+source/linux-restricted-modules-2.6.24/+bug/323327
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  xorg-driver-fglrx               2:8.543-0ubuntu4.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Marko Lindqvist discovered that the fglrx installer created an unsafe
LD_LIBRARY_PATH on 64bit systems.  If a user were tricked into downloading
specially crafted libraries and running commands in the same directory,
a remote attacker could execute arbitrary code with user privileges.


Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    26000 8fd05a4ab9e9f04c59ed5b731bcacd8b
          Size/MD5:     1443 e7dee56d6c645ff3bce0c3093af205e3
          Size/MD5: 47046692 6abc8e86f1a00168ba8f43d58f71cb69

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:    10938 8f0014e73c06b1fd0e586359067641c7
          Size/MD5:   846038 8982e97324d57a3db0072123d2406a56
          Size/MD5:  6630112 72d48d2e40f3bb63b7ad9b66367d5dca
          Size/MD5:  1430276 cd88c1a040f050472b82406308e28ec5
          Size/MD5:    83402 8b2fc26c7f1e2417613e543428d5b21f
          Size/MD5: 17264298 e26cff93ff7eb4cddede61ea41b81aee

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:    10938 2fc0c5d1a8c799df60ee474b10e57e0a
          Size/MD5:   412474 c23a19c9e238b0cc8986b98910c0da9d
          Size/MD5:  6749062 80263acaf045f9a196d8a2486dc42969
          Size/MD5:  1368946 18257688f659b91d95746e1b509edc5d
          Size/MD5:    78658 537cc59d4b86274114f0eeb5febdf283
          Size/MD5: 11915472 d392662d6ecefae8992c12c0356b63fa

Ubuntu 8.10: USN-721-1 Critical Fglrx Installer Remote Code Execution

ubuntu
Calendar Grey February 17, 2009
Dist Ubuntu Esm H88
Critical security notice regarding the fglrx-installer on Ubuntu identifies a vulnerability that enables remote code execution through improperly managed environment variables.
Marko Lindqvist discovered that the fglrx installer created an unsafeLD_LIBRARY_PATH on 64bit systems

Summary

Topics%20covered

Topics Covered

security advisory critical code execution remote code execution ubuntu fglrx-installer unsafe environment

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

fglrx-installer vulnerability

Topics%20covered

Topics Covered

security advisory critical code execution remote code execution ubuntu fglrx-installer unsafe environment

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here