24331 2010-10-16 12:37:28 +0400 CVE-2010-3382: insecure library loading 2010-10-20 09:16:34 +0400 1 1 4 Development Sisyphus tau unstable all Linux CLOSED FIXED http://bugs.debian.org/598303 security P3 blocker --- 1 crux sin antohami cas cow darktemplar enp evg george glebfm hiddenman imz lav ldv mithraen nbr qa_viy real rider sem shaba sin solo vitty viy vvk qa-sisyphus oldest_to_newest 113832 0 crux 2010-10-16 12:37:28 +0400 The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths. Vulnerable code follows: /usr/bin/tauex line 197: export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.) If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this bug. 113912 1 repository-robot 2010-10-18 14:23:15 +0400 tau-2.19.2-alt6 -> sisyphus: * Mon Oct 18 2010 Eugeny A. Rostovtsev (REAL) <real at altlinux> 2.19.2-alt6 - Fixed insecure setting of LD_LIBRARY_PATH (ALT #24331) 114022 2 crux 2010-10-20 09:16:34 +0400 Более педантичный подход к проверке на пустую строку ` if [ -n "$VAR" ]; `