insecure library loading
Bug #650862 reported by
Micah Gersten
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
edbrowse (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
gjs (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
gnome-web-photo (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
gxine (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
Bug Description
Binary package hint: gxine
When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this
bug.
This bug affects at the very least several packages which use a wrapper around xulrunner in place of mozjs.
This is similar to CVE-2010-3349
Changed in edbrowse (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in gjs (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in gnome-web-photo (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in gxine (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in edbrowse (Ubuntu): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in gjs (Ubuntu): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in gnome-web-photo (Ubuntu): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in gxine (Ubuntu): | |
assignee: | nobody → Micah Gersten (micahg) |
visibility: | private → public |
visibility: | public → private |
visibility: | private → public |
summary: |
- CVE-2010-3349: insecure library loading + insecure library loading |
description: | updated |
To post a comment you must log in.
This bug was fixed in the package gjs - 0.7.1-1ubuntu3
---------------
gjs (0.7.1-1ubuntu3) maverick; urgency=low
* SECURITY UPDATE: insecure library loading (LP: #650862) gjs-console. sh: use shell expansion to set LD_LIBRARY_PATH
- debian/
- CVE-2010-3349
-- Micah Gersten <email address hidden> Wed, 29 Sep 2010 02:31:40 -0500