This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Gentoo glibc security advisory


Hi,

Gentoo has issued an advisory: 
http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml 
 
"An attacker can gain the list of symbols a SUID application uses and their 
locations and can then use a trojaned library taking precendence over those 
symbols to gain information or perform further exploitation." 

with the following patch:

http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.1&content-type=text/vnd.viewcvs-markup 


Does somebody knows more about this?

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Maxfeldstr. 5                 D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]