package tau
tags 598303 + patch
stop
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc | diffstat
debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff | 59 ++++++++++
tau-2.16.4/debian/changelog | 9 +
tau-2.16.4/debian/patches/series | 1
3 files changed, 69 insertions(+)
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc
diff -u tau-2.16.4/debian/changelog tau-2.16.4/debian/changelog
--- tau-2.16.4/debian/changelog
+++ tau-2.16.4/debian/changelog
@@ -1,3 +1,12 @@
+tau (2.16.4-1.4) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix CVE-2010-3382 insecure library loading
+ Add debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+ Closes: 598303
+
+ -- Anibal Monsalve Salazar <[email protected]> Wed, 06 Oct 2010 20:55:41
+1100
+
tau (2.16.4-1.3) unstable; urgency=low
* Non-maintainer upload
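Review bot: The new changelog entry at the top of this hunk uses urgency=low for an upload whose only change is "Fix CVE-2010-3382 insecure library loading". Urgency controls how long the package waits before migrating to testing, so a security fix normally warrants urgency=medium or urgency=high. The Closes field is also conventionally written as "Closes: #598303".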
diff -u tau-2.16.4/debian/patches/series tau-2.16.4/debian/patches/series
--- tau-2.16.4/debian/patches/series
+++ tau-2.16.4/debian/patches/series
@@ -6,0 +7 @@
+06-598303-CVE-2010-3382-insecure-library-loading.diff
only in patch2:
unchanged:
---
tau-2.16.4.orig/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+++
tau-2.16.4/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
@@ -0,0 +1,59 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3382
+http://security-tracker.debian.org/tracker/CVE-2010-3382
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303
+
+Raphael Geissert have found that this package contains a script that
+can be abused by an attacker to execute arbitrary code.
+
+The vulnerability is introduced by an insecure change to
+LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for
+libraries on a directory other than the standard paths.
+
+Vulnerable code follows:
+
+/usr/bin/tauex line 197:
+export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
+
+When there's an empty item on the colon-separated list of
+LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
+If the given script is executed from a directory where a potential,
+local, attacker can write files to, there's a chance to exploit this
+bug.
+
+Patch by Anibal Monsalve Salazar <[email protected]>
+
+--- a/tools/src/tauex.in 2007-05-19 09:04:55.000000000 +1000
++++ b/tools/src/tauex.in 2010-10-06 19:03:38.000000000 +1100
+@@ -194,7 +194,31 @@ for c in $Counters ; do
+ done
+
+
+-export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
++add_dir()
++{
++ local dir
++ dir="$1";
++
++ if [ -n "$dir" ]
++ then
++ case "$LD_LIBRARY_PATH" in
++ "$dir"|"$dir":*|*:"$dir"|*:"$dir":*)
++ # already already_in $LD_LIBRARY_PATH
++ ;;
++ "")
++ # $LD_LIBRARY_PATH is empty, don't add a separator
++ LD_LIBRARY_PATH="$dir"
++ ;;
++ *)
++ # add $dir
++ LD_LIBRARY_PATH="$dir":"$LD_LIBRARY_PATH"
++ ;;
++ esac
++ fi
++ echo "$LD_LIBRARY_PATH"
++}
++
++export LD_LIBRARY_PATH="$( add_dir "$TAUROOT/$TAUARCH/lib/$theBinding" )"
+
+ if [ $verbose = "true" ] ; then
+ echo "Matching bindings: $bindings"
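Review bot: In add_dir, the "*)" arm builds LD_LIBRARY_PATH="$dir":"$LD_LIBRARY_PATH" from whatever value was inherited, so an incoming LD_LIBRARY_PATH that already contains an empty item (a leading or trailing colon, or "::") is exported unchanged and ld.so still searches the current directory. The function only avoids creating a new empty item when the variable is unset or empty. If tauex should never run with CWD on the library path, strip empty items from the inherited value before the case statement, or state in the patch header that sanitising the caller's environment is out of scope. Two smaller points: the first case arm leaves the TAU directory at its existing position in the list, whereas the removed line always put it first, so an earlier directory holding a library of the same name now takes precedence; and "local" is not POSIX sh, so it is safe only if tauex.in runs under a shell that supports it (the interpreter line is not visible in this hunk). The comment "already already_in" has a duplicated word.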