Bug 694873 (CVE-2011-1658)
Summary: | CVE-2011-1658 glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | fweimer, jakub, mnewsome |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2013-04-11 14:14:15 UTC | Type: | --- |
Description
Vincent Danen
2011-04-08 17:03:27 UTC
This problem is not new, it has existed for a long time and was mentioned in the discussions of CVE-2010-3847 and CVE-2011-0536 already (see e.g. bug #667974, comment #9). It's not clear to me why the CVE description was created in a way that only mentions one of the problems documented in the upstream bug report.

Patches described in the upstream bug:

http://sourceware.org/bugzilla/show_bug.cgi?id=12393#c1

were added to the glibc packages in Red Hat Enterprise Linux 5 and 6 as part of the fixes for CVE-2011-0536/CVE-2010-3847 in the following errata:

https://rhn.redhat.com/errata/RHSA-2011-0412.html
https://rhn.redhat.com/errata/RHSA-2011-0413.html

We have rated this issue as having low security impact. This can only be exploited via a setuid or setgid binary with $ORIGIN in RPATH. There is no such binary shipped in Red Hat Enterprise Linux. We are not aware of any other vendor including such a binary in their distribution.

As Red Hat Enterprise Linux 4 is in the maintenance phase of its life cycle and the issue has very limited impact, we currently do not plan to address this flaw in RHEL-4 glibc packages.
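
An audit for the condition the comment above names (a setuid or setgid binary with $ORIGIN in RPATH), added here as an example and not part of the original bug report or of any Red Hat tooling. It goes slightly beyond the comment by also checking RUNPATH and the `${ORIGIN}` spelling; it assumes binutils' `readelf` is installed, and the function names and the default `/usr` root are choices made for this example.

```python
#!/usr/bin/env python3
"""Audit: list setuid/setgid ELF files whose RPATH/RUNPATH uses $ORIGIN."""
import os
import re
import stat
import subprocess
import sys

# Matches the RPATH/RUNPATH rows printed by `readelf -d`.
DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library \w+: \[(.*)\]")
# $ORIGIN or ${ORIGIN}; the \b keeps names such as $ORIGINAL from matching.
ORIGIN = re.compile(r"\$(ORIGIN\b|\{ORIGIN\})")


def origin_entries(readelf_output):
    """Return [(tag, dir)] for each search-path entry that references $ORIGIN."""
    hits = []
    for tag, value in DYN_PATH.findall(readelf_output):
        hits += [(tag, d) for d in value.split(":") if ORIGIN.search(d)]
    return hits


def is_privileged(mode):
    """True for a regular file carrying the setuid or setgid bit."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def scan(root):
    """Walk root and yield (path, hits) for each privileged file that matches."""
    env = {**os.environ, "LC_ALL": "C"}  # keep readelf output untranslated
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not is_privileged(os.lstat(path).st_mode):
                    continue
                # Assumption: binutils readelf is on PATH.
                out = subprocess.run(["readelf", "-d", path], env=env, text=True,
                                     capture_output=True, check=False).stdout
            except OSError:
                continue  # unreadable file or readelf missing
            hits = origin_entries(out)
            if hits:
                yield path, hits


if __name__ == "__main__":
    for found, entries in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(found, entries)
```

Run it as root so that every directory is readable; no output means no setuid or setgid file under the scanned root references $ORIGIN in its dynamic section.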