Bug 146404 - CAN-2004-1453 Information leak with LD_DEBUG
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: glibc
Version: 3.0
Hardware/OS: All Linux
Priority: medium, Severity: medium
Assigned To: Jakub Jelinek
QA Contact: Brian Brock
http://www.gentoo.org/security/en/gls...
Keywords: Security
Reported: 2005-01-27 16:48 EST by Leonard den Ottolander
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-06-16 18:46:08 EDT
Description Leonard den Ottolander 2005-01-27 16:48:36 EST
Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidential information.
Comment 1 Jakub Jelinek 2005-01-27 17:04:58 EST
One bug is enough.

*** This bug has been marked as a duplicate of 146402 ***
Comment 2 Leonard den Ottolander 2005-01-27 17:10:07 EST
Hm. Somewhat weird you close this bug as a duplicate although they are
for different releases/OSes, but you don't leave bug 146207 open for
use against FC 2 and RHEL 3.

Anyway, IIUC issue exists on FC 2 and RHEL 3.

Please don't close bug 146402 as a duplicate of bug 146207 ;-) .
Comment 3 Leonard den Ottolander 2005-01-27 17:12:13 EST
So tell me for next time: One bug for multiple releases/OSes or one
for every affected release? In case of the former you shouldn't have
closed bug 146207 in the first place. In case of the latter you
shouldn't have closed this one as a dup.
Comment 4 Leonard den Ottolander 2005-04-12 18:43:01 EDT
Reopening bug as the "dup" has been moved over to Fedora Legacy. If this bug is
not considered worth fixing please close WONTFIX.
Comment 5 Josh Bressers 2005-06-16 18:45:23 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html


The advisory mistakenly references bug 146202 when it should be referencing this
bug.
