Can anybody explain why there is no credit section for this advisory?
On Thu, Dec 3, 2009 at 1:30 AM, FreeBSD Security Advisories <security-advisor...@freebsd.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-09:16.rtld                                       Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Improper environment sanitization in rtld(1)
>
> Category:       core
> Module:         rtld
> Announced:      2009-12-03
> Affects:        FreeBSD 7.0 and later.
> Corrected:      2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE)
>                 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
>                 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE)
>                 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
>                 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
> CVE Name:       CVE-2009-4146, CVE-2009-4147
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I.   Background
>
> The run-time link-editor, rtld, links dynamic executable with their
> needed libraries at run-time.  It also allows users to explicitly
> load libraries via various LD_ environmental variables.
>
> II.  Problem Description
>
> When running setuid programs rtld will normally remove potentially
> dangerous environment variables.  Due to recent changes in FreeBSD
> environment variable handling code, a corrupt environment may
> result in attempts to unset environment variables failing.
>
> III. Impact
>
> An unprivileged user who can execute programs on a system can gain
> the privileges of any setuid program which he can run.  On most
> systems configurations, this will allow a local attacker to execute
> code as the root user.
>
> IV.  Workaround
>
> No workaround is available, but systems without untrusted local users,
> where all the untrusted local users are jailed superusers, and/or where
> untrusted users cannot execute arbitrary code (e.g., due to use of read
> only and noexec mount options) are not affected.
>
> Note that "untrusted local users" include users with the ability to
> upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they
> may be able to exploit this issue.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,
> or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated
> after the correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 7.1, 7.2,
> and 8.0 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 7.x]
> # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch
> # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc
>
> [FreeBSD 8.0]
> # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch
> # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/libexec/rtld-elf
> # make obj && make depend && make && make install
>
> NOTE: On the amd64 platform, the above procedure will not update the
> ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld).  On
> amd64 systems where the i386 rtld are installed, the operating system
> should instead be recompiled as described in
> <URL:http://www.FreeBSD.org/handbook/makeworld.html>
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> CVS:
>
> Branch                                                           Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_7
>   src/libexec/rtld-elf/rtld.c                                   1.124.2.7
> RELENG_7_2
>   src/UPDATING                                             1.507.2.23.2.8
>   src/sys/conf/newvers.sh                                   1.72.2.11.2.9
>   src/libexec/rtld-elf/rtld.c                               1.124.2.4.2.2
> RELENG_7_1
>   src/UPDATING                                            1.507.2.13.2.12
>   src/sys/conf/newvers.sh                                   1.72.2.9.2.13
>   src/libexec/rtld-elf/rtld.c                               1.124.2.3.2.2
> RELENG_8
>   src/libexec/rtld-elf/rtld.c                                   1.139.2.4
> RELENG_8_0
>   src/UPDATING                                              1.632.2.7.2.4
>   src/sys/conf/newvers.sh                                    1.83.2.6.2.4
>   src/libexec/rtld-elf/rtld.c                               1.139.2.2.2.2
> - -------------------------------------------------------------------------
>
> Subversion:
>
> Branch/path                                                      Revision
> - -------------------------------------------------------------------------
> stable/7/                                                         r199981
> releng/7.2/                                                       r200054
> releng/7.1/                                                       r200054
> stable/8/                                                         r199980
> releng/8.0/                                                       r200054
> - -------------------------------------------------------------------------
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4146
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4147
>
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-09:16.rtld.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (FreeBSD)
>
> iEUEARECAAYFAksXg/IACgkQFdaIBMps37KrLwCdH4JsCrvdS1RGoGj7MlNgV3+/
> nhYAliVcz9tL8Ll6pYKpIalR740sZ5s=
> =jK/a
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
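
The failure mode in the quoted Problem Description is a sanitization step that fails without stopping the privileged program. The C code below is an added example, not rtld code or the FreeBSD patch: `scrub_env`, `safe_to_continue` and the sample vectors are hypothetical, and treating any entry that is not `NAME=value` as corrupt is this example's own assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not rtld code). Removes, in place, every entry of the
 * NULL-terminated vector envp whose name starts with prefix.
 * Returns the number removed, or -1 if the vector is corrupt; "corrupt" here
 * means an entry not of the form NAME=value, an assumption of this example. */
int scrub_env(char **envp, const char *prefix)
{
    size_t plen = strlen(prefix);
    char **in, **out;
    int removed = 0;

    /* Pass 1: validate every entry before changing anything. */
    for (in = envp; *in != NULL; in++) {
        const char *eq = strchr(*in, '=');
        if (eq == NULL || eq == *in)
            return -1;
    }
    /* Pass 2: compact the vector, dropping matching names. */
    for (in = out = envp; *in != NULL; in++) {
        if (strncmp(*in, prefix, plen) == 0)
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

/* Fail-closed gate: 1 only if scrubbing succeeded and nothing with the
 * prefix survives; a caller that gets 0 must stop rather than continue. */
int safe_to_continue(char **envp, const char *prefix)
{
    size_t plen = strlen(prefix);
    if (scrub_env(envp, prefix) < 0)
        return 0;
    for (; *envp != NULL; envp++)
        if (strncmp(*envp, prefix, plen) == 0)
            return 0;
    return 1;
}

/* Constructed sample vectors, not taken from the advisory. */
static char *good_env[] = { "PATH=/bin", "LD_LIBRARY_PATH=/constructed", "HOME=/root", NULL };
static char *bad_env[]  = { "PATH=/bin", "=orphan", "LD_LIBRARY_PATH=/constructed", NULL };

int demo_good(void) { return safe_to_continue(good_env, "LD_"); }
int demo_bad(void)  { return safe_to_continue(bad_env, "LD_"); }
```

The gate returns 0 for the corrupt vector even though the `LD_` entry is still present, which is the case where continuing would be unsafe.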