[Secure-testing-team] Bug#583908: CVE-2010-0296: GNU Glibc mntent Newline Processing Error Lets Local Users Gain Elevated Privileges
Bernd Zeimetz
bzed at debian.org
Mon May 31 15:27:38 UTC 2010
Package: libc6
Version: 2.7-18lenny2
Severity: grave
Tags: security
Hi,

unfortunately it is not really easy to find proper information about
this issue, especially since the same CVE number is mentioned in a
Samba related bug (#572953). But as it seems it is possible to gain root
access by injecting newlines into a mount entry or through a vulnerable
helper.

The fix mentioned in
http://securitytracker.com/alerts/2010/May/1024043.html
is at least missing in stable, I did not check testing/unstable.

Ubuntu released a USN on the 25th which fixes this bug and two other
CVEs: http://www.ubuntu.com/usn/usn-944-1

Cheers,
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
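
An added example, not part of the original message and not glibc code: a sketch of the defensive side of the issue reported above, escaping newlines and other delimiters in every mount-entry field so that one entry always stays on one line. The helper names, the sample values and the choice of the octal escapes that getmntent(3) decodes are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helper, not glibc code: copy one mount-entry field into out,
 * octal-escaping field and line delimiters. Returns -1 if out is too small. */
static int encode_mnt_field(const char *in, char *out, size_t outlen)
{
    size_t w = 0;
    if (outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        const char *esc = NULL;
        switch (*in) {
        case ' ':  esc = "\\040"; break;
        case '\t': esc = "\\011"; break;
        case '\n': esc = "\\012"; break;
        case '\\': esc = "\\134"; break;
        }
        if (w + (esc ? 4 : 1) >= outlen)
            return -1;              /* keep room for the terminator */
        if (esc)
            memcpy(out + w, esc, 4);
        else
            out[w] = *in;
        w += esc ? 4 : 1;
    }
    out[w] = '\0';
    return 0;
}

/* Build one mtab-style line from the encoded fields; -1 if it does not fit. */
static int format_entry(const char *fsname, const char *dir, const char *type,
                        const char *opts, char *line, size_t linelen)
{
    char f[4][256];
    const char *src[4] = { fsname, dir, type, opts };
    int i, n;
    for (i = 0; i < 4; i++)
        if (encode_mnt_field(src[i], f[i], sizeof f[i]) != 0)
            return -1;
    n = snprintf(line, linelen, "%s %s %s %s 0 0\n", f[0], f[1], f[2], f[3]);
    return (n < 0 || (size_t)n >= linelen) ? -1 : 0;
}

int main(void)
{
    char line[512];   /* sample below is constructed: dir name with a newline */
    if (format_entry("/dev/sdb1", "/mnt/a\nb c", "vfat", "rw", line, sizeof line) == 0)
        fputs(line, stdout);
    return 0;
}
```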