Bug#559805: CVE-2009-3736 local privilege escalation
On Mon, 7 Dec 2009 19:04:16 +0100 Josip Rodin wrote: On Mon, Dec 07, 2009 at 11:04:38AM -0500, Michael Gilbert wrote: On Mon, 7 Dec 2009 09:16:57 +0100, Josip Rodin wrote: unless this code somehow inexplicalby crept in, there's no bug. please check your linking process, so that there is no uncertainty about this. thank you All the freeradius packages are linked against libltdl.so. Is it even possible for the linker to somehow add the internal copy and link against the system library - how would it decide whose symbols to use on run-time? make sure you are using --without-included-ltdl. thanks. mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#559805: CVE-2009-3736 local privilege escalation
On Mon, 7 Dec 2009 09:16:57 +0100, Josip Rodin wrote: unless this code somehow inexplicalby crept in, there's no bug. please check your linking process, so that there is no uncertainty about this. thank you mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#559805: CVE-2009-3736 local privilege escalation
On Mon, Dec 07, 2009 at 11:04:38AM -0500, Michael Gilbert wrote: On Mon, 7 Dec 2009 09:16:57 +0100, Josip Rodin wrote: unless this code somehow inexplicalby crept in, there's no bug. please check your linking process, so that there is no uncertainty about this. thank you All the freeradius packages are linked against libltdl.so. Is it even possible for the linker to somehow add the internal copy and link against the system library - how would it decide whose symbols to use on run-time? -- 2. That which causes joy or happiness. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#559805: CVE-2009-3736 local privilege escalation
Package: freeradius Severity: grave Tags: security Hi, The following CVE (Common Vulnerabilities Exposures) id was published for libtool. I have determined that this package embeds a vulnerable copy of the libtool source code. However, since this is a mass bug filing (due to so many packages embedding libtool), I have not had time to determine whether the vulnerable code is actually present in any of the binary packages. Please determine whether this is the case. If the package is not affected, please feel free to close the bug with a message containing the details of what you did to check. CVE-2009-3736[0]: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, | attempts to open a .la file in the current working directory, which | allows local users to gain privileges via a Trojan horse file. Note that this problem also affects etch and lenny, so if your package is affected, please coordinate with the security team to release the DSA for the affected packages. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736 http://security-tracker.debian.org/tracker/CVE-2009-3736 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org