Bug 672468 (CVE-2011-0532)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2011-0532 Directory Server: use of insecure LD_LIBRARY_PATH settings | | |
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | a3li, benl, dlackey, jlieskov, ldv, nkinder, poelstra, rmeggins, security-response-team, sramling |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-07-22 07:58:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 670922 | | |
| Bug Blocks: | | | |
Description
Tomas Hoger
2011-01-25 08:08:57 UTC
Examples include:

- dirsrv init script

      LD_LIBRARY_PATH=/usr/lib/dirsrv::/usr/lib

- ldap-agent

      LIB_DIR=:::
      LD_LIBRARY_PATH=${LIB_DIR}

- backup scripts

      LD_LIBRARY_PATH=$prefix/{{SERVER-DIR}}:$prefix:$prefix/usr/lib:$prefix/usr/lib
      if [ -n "$prefix" ] ; then
          LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:"
      fi

This issue is the result of an expansion of certain configure variables to an empty string.

Most scripts also set SHLIB_PATH to the same value as LD_LIBRARY_PATH. I don't know if the HP-UX dynamic linker handles empty paths in SHLIB_PATH in the same way as glibc ld.so does in LD_LIBRARY_PATH. Can anyone with access to an HP-UX system verify this?

DS scripts usually do SHLIB_PATH=$LD_LIBRARY_PATH or similar, so the LD_LIBRARY_PATH fix should resolve most SHLIB_PATH issues too.

This issue has been addressed in the following products:

- Red Hat Directory Server 8 for RHEL 4
- Red Hat Directory Server 8 for RHEL 5

Via RHSA-2011:0293 https://rhn.redhat.com/errata/RHSA-2011-0293.html
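As an added illustration (not code from the bug report or from the Directory Server scripts it refers to), the POSIX shell below does what a packager auditing scripts like the ones above would want: detect an empty element in a colon-separated library search path (a leading or trailing `:` or a `::` in the middle, which glibc's ld.so treats as the current working directory), rebuild the path without such elements, and join path components so that an unset configure variable can never produce an empty element in the first place. The function names and the sample path values are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the bug report or of Directory Server.
# An empty element in LD_LIBRARY_PATH ("::", leading ":" or trailing ":")
# makes glibc's dynamic linker search the current working directory, so a
# script launched from a world-writable directory may load a library that
# another local user placed there.  These helpers find and remove such
# elements and show the safe way to assemble a path from variables that
# may be empty.

# has_empty_component PATHVALUE -> returns 0 if an empty element is present
has_empty_component() {
    case "$1" in
        *::*|:*|*:) return 0 ;;
        *)          return 1 ;;
    esac
}

# sanitize_libpath PATHVALUE -> prints the path with all empty elements removed
# (runs in a subshell so IFS and "set -f" do not leak to the caller)
sanitize_libpath() (
    set -f                  # no globbing while the elements are split
    IFS=:
    out=
    for elem in $1; do
        [ -n "$elem" ] || continue      # drop the element that means "."
        out=${out:+$out:}$elem
    done
    printf '%s\n' "$out"
)

# join_libpath DIR... -> colon-joins only the non-empty arguments, so a
# configure variable that expanded to "" never becomes a path element
join_libpath() {
    out=
    for d in "$@"; do
        [ -n "$d" ] || continue
        out=${out:+$out:}$d
    done
    printf '%s\n' "$out"
}

# Constructed sample values modelled on the patterns quoted in the report:
# a "::" in the middle, the ":::" LIB_DIR, and a trailing ":" from "${LD_LIBRARY_PATH}:".
for p in '/usr/lib/dirsrv::/usr/lib' ':::' '/opt/ds/lib:/opt/ds/usr/lib:'; do
    if has_empty_component "$p"; then
        echo "insecure: '$p' -> sanitized '$(sanitize_libpath "$p")'"
    else
        echo "ok: '$p'"
    fi
done

# The "$prefix:" pattern with an empty prefix, assembled the safe way:
prefix=
echo "joined: $(join_libpath "$prefix/lib/dirsrv" "$prefix" "$prefix/usr/lib")"
```

`has_empty_component` is the check to run over every `LD_LIBRARY_PATH` and `SHLIB_PATH` assignment in a package's scripts; `join_libpath` is the pattern to use when rebuilding them, because it removes the root cause (the empty expansion) rather than patching the symptom after the fact.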