24329 2010-10-16 12:06:40 +0400 CVE-2010-3369: insecure library loading 2015-02-14 11:38:06 +0300 1 1 4 Development Sisyphus mono-debugger unstable all Linux NEW http://bugs.debian.org/598299 security P3 blocker --- 1 crux shaba mike qa-sisyphus oldest_to_newest 113828 0 crux 2010-10-16 12:06:40 +0400 The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths. Vulnerable code follows: /usr/bin/mdb-symbolreader line 2: export LD_LIBRARY_PATH="/usr/lib:${LD_LIBRARY_PATH}" /usr/bin/mdb line 2: export LD_LIBRARY_PATH="/usr/lib:${LD_LIBRARY_PATH}" When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this 150243 1 mike 2015-02-14 11:38:06 +0300 В дебиане пишут, что исправлено в 2.6.3-2.1; у нас сейчас 2.10; upstream fix?