144518 – CAN-2005-0087 alsa-lib disables stack protection for it's users

Bug 144518 - CAN-2005-0087 alsa-lib disables stack protection for it's users

Summary: CAN-2005-0087 alsa-lib disables stack protection for it's users

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	alsa-lib
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Brian Stein
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=important
Depends On:
Blocks:	FC3Update 142822
TreeView+	depends on / blocked

Reported:	2005-01-07 21:45 UTC by Brian Stein
Modified:	2013-03-01 05:14 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-15 09:25:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch to fix this issue (851 bytes, patch) 2005-01-07 21:45 UTC, Arjan van de Ven	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:033	0	normal	SHIPPED_LIVE	Important: alsa-lib security update	2005-02-15 05:00:00 UTC

Description Arjan van de Ven 2005-01-07 21:45:54 UTC

Description of problem:
 
libasound.so will disable the stack execution protection for all the apps using
it, which is quite a big chunk of our desktop apps.
The cause is a bit of evil code in src/mixer/mixer.c

I will attach a patch to fix this.

Note that this is a rather serious security issue due to the effect of disabling
stack protection (both execshield segment and NX) for a wide range of
applications at once.

Comment 1 Arjan van de Ven 2005-01-07 21:45:54 UTC

Created attachment 109498 [details]
patch to fix this issue

Comment 7 Mark J. Cox 2005-01-28 11:49:05 UTC

I'm assigning this issue CAN-2005-0087 as it borderline qualifies for
a CVE name under the definition of "exposure".  Since this has the
potential to disable stack execution protection for a large number of
applications, it's violating a reasonable security stance for the
RHEL4 product.

Comment 8 Mark J. Cox 2005-02-15 09:25:07 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-033.html

Note You need to log in before you can comment on or make changes to this bug.