Bug 146402 - CAN-2004-1453 Information leak with LD_DEBUG
Summary: CAN-2004-1453 Information leak with LD_DEBUG
Keywords:
Status: CLOSED DUPLICATE of bug 152848
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: glibc
Version: fc2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.gentoo.org/security/en/gls...
Whiteboard: 2, discuss
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-27 21:48 UTC by Leonard den Ottolander
Modified: 2016-11-24 14:52 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-20 16:10:02 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:256 0 high SHIPPED_LIVE Low: glibc security update 2005-05-18 04:00:00 UTC

Description Leonard den Ottolander 2005-01-27 21:48:00 UTC 
Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidentional information.
Comment 1 Jakub Jelinek 2005-01-27 22:05:05 UTC 
*** Bug 146404 has been marked as a duplicate of this bug. ***
Comment 4 Matthew Miller 2005-04-11 22:20:44 UTC 
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]
Comment 5 Leonard den Ottolander 2005-04-12 22:44:50 UTC 
I get the impression this bug is not considered worth fixing. Reopened bug
146404 so RH security team can decide on what to do for RHEL 3.
Comment 6 Pekka Savola 2005-05-16 10:29:22 UTC 
See #152848 for RHL73/RHL9/FC1.
Comment 7 Tim Powers 2005-05-18 14:00:02 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html
Comment 8 Dominic Hargreaves 2005-05-18 14:24:52 UTC 
This hasn't been fixed for FC2 by Fedora Legacy.
Comment 9 Dennis Gregorovic 2005-05-20 03:25:55 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html
Comment 10 Josh Bressers 2005-06-16 22:43:43 UTC 
The errata mistakenly references this bug, when it should be referencing bug 146404.
Comment 11 Pekka Savola 2005-06-17 04:39:05 UTC 
Because this is a Fedora Legacy issue, reopening.
Comment 12 Pekka Savola 2005-07-20 16:10:02 UTC 
Continuing tracking this at #152848, so closing here.

*** This bug has been marked as a duplicate of 152848 ***
Note You need to log in before you can comment on or make changes to this bug.