insecure library loading
Bug #650862 reported by
Micah Gersten
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| edbrowse (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
| gjs (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
| gnome-web-photo (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
| gxine (Ubuntu) |
Fix Released
|
Medium
|
Micah Gersten | ||
Bug Description
Binary package hint: gxine
When there's an empty item on the colon-separated list of LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
If the given script is executed from a directory where a potential, local, attacker can write files to, there's a chance to exploit this
bug.
This bug affects at the very least several packages which use a wrapper around xulrunner in place of mozjs.
This is similar to CVE-2010-3349
| Changed in edbrowse (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in gjs (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in gnome-web-photo (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in gxine (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| Changed in edbrowse (Ubuntu): | |
| assignee: | nobody → Micah Gersten (micahg) |
| Changed in gjs (Ubuntu): | |
| assignee: | nobody → Micah Gersten (micahg) |
| Changed in gnome-web-photo (Ubuntu): | |
| assignee: | nobody → Micah Gersten (micahg) |
| Changed in gxine (Ubuntu): | |
| assignee: | nobody → Micah Gersten (micahg) |
| visibility: | private → public |
| visibility: | public → private |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in edbrowse (Ubuntu): | |
| status: | Triaged → Fix Released |
| Changed in gjs (Ubuntu): | |
| status: | Triaged → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in gnome-web-photo (Ubuntu): | |
| status: | Triaged → Fix Released |
| Changed in gxine (Ubuntu): | |
| status: | Triaged → Fix Released |
| visibility: | private → public |
| summary: |
- CVE-2010-3349: insecure library loading + insecure library loading |
| description: | updated |
To post a comment you must log in.
This bug was fixed in the package gjs - 0.7.1-1ubuntu3
---------------
gjs (0.7.1-1ubuntu3) maverick; urgency=low
* SECURITY UPDATE: insecure library loading (LP: #650862)
- debian/
- CVE-2010-3349
-- Micah Gersten <email address hidden> Wed, 29 Sep 2010 02:31:40 -0500