Debian Bug report logs - #583908
CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
Reported by: Bernd Zeimetz <bzed@debian.org>
Date: Mon, 31 May 2010 15:30:05 UTC
Severity: grave
Tags: security
Found in version glibc/2.7-18lenny2
Done: Aurelien Jarno <aurelien@aurel32.net>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#583908; Package libc6. (Mon, 31 May 2010 15:30:08 GMT)
Acknowledgement sent to Bernd Zeimetz <bzed@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 31 May 2010 15:30:08 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libc6
Version: 2.7-18lenny2
Severity: grave
Tags: security
Hi,

unfortunately it is not really easy to find proper information about
this issue, especially since the same CVE number is mentioned in a
Samba related bug (#572953). But as it seems it is possible to gain root
access by injecting newlines into a mount entry or through a vulnerable
helper.

The fix mentioned in
http://securitytracker.com/alerts/2010/May/1024043.html
is at least missing in stable, I did not check testing/unstable.
Ubuntu released a USN on the 25th which fixes this bug and two other
CVEs: http://www.ubuntu.com/usn/usn-944-1

Cheers,
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Fri, 04 Jun 2010 16:12:13 GMT)
Reply sent to Aurelien Jarno <aurelien@aurel32.net>: You have taken responsibility. (Fri, 04 Jun 2010 18:30:06 GMT)
Notification sent to Bernd Zeimetz <bzed@debian.org>: Bug acknowledged by developer. (Fri, 04 Jun 2010 18:30:06 GMT)
Message #12 received at 583908-done@bugs.debian.org:
Version: eglibc/2.11.1-1
On Mon, May 31, 2010 at 05:27:38PM +0200, Bernd Zeimetz wrote:
> Package: libc6
> Version: 2.7-18lenny2
> Severity: grave
> Tags: security
>
> Hi,
>
> unfortunately it is not really easy to find proper information about
> this issue, especially since the same CVE number is mentioned in a
> Samba related bug (#572953). But as it seems it is possible to gain root
> access by injecting newlines into a mount entry or through a vulnerable
> helper.
>
> The fix mentioned in
> http://securitytracker.com/alerts/2010/May/1024043.html
> is at least missing in stable, I did not check testing/unstable.
> Ubuntu released a USN on the 25th which fixes this bug and two other
> CVEs: http://www.ubuntu.com/usn/usn-944-1
>
This bug has been fixed in eglibc 2.11.1-1
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Jul 2010 07:30:48 GMT)
Last modified: Wed Jun 19 18:19:16 2019; Machine Name: buxtehude