Bug 457939 - (CVE-2008-3278) CVE-2008-3278 frysk: insecure relative RPATH
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
public=20080612,reported=20080602,sou...
Keywords: Security
Reported: 2008-08-05 12:27 EDT by Tomas Hoger
Modified: 2011-09-13 03:29 EDT
Doc Type: Bug Fix
Last Closed: 2011-01-04 05:09:41 EST


Description Tomas Hoger 2008-08-05 12:27:07 EDT
frysk packages as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries shipped in the package.

This issue can possibly be exploited by a local attacker to run arbitrary code as some other user if the victim user can be convinced to run one of the affected frysk commands in an attacker-controlled directory with specially crafted content.

Affected binaries: /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...)
RPATH: @RPATH@
Comment 1 Tomas Hoger 2008-08-05 12:32:16 EDT
This issue does not affect current frysk-0.4-0 packages in Fedora.
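
An added example (not part of the original report or of frysk): a check for the class of problem described in this bug, flagging RPATH/RUNPATH components that the dynamic loader resolves against the current working directory. The function names and the sample `readelf -d` output are constructed for illustration; `audit_file` assumes binutils `readelf` is installed.

```python
import re
import subprocess

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def classify_entry(entry):
    """Return a reason string if the search-path entry is unsafe, else None."""
    if entry == "":
        return "empty entry (searched as the current directory)"
    if entry.startswith("/"):
        return None
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # anchored to the binary's own directory, not the cwd
    return "relative entry (resolved against the current directory)"

def audit_readelf_output(text):
    """Return (tag, entry, reason) for every unsafe RPATH/RUNPATH component."""
    findings = []
    for tag, value in _DYN_RE.findall(text):
        # Components are colon-separated; a leading, trailing or doubled
        # colon produces an empty component.
        for entry in value.split(":"):
            reason = classify_entry(entry)
            if reason:
                findings.append((tag, entry, reason))
    return findings

def audit_file(path):
    """Run `readelf -d` on one ELF file and audit its dynamic section."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=True).stdout
    return audit_readelf_output(out)

# Constructed sample output, not taken from the frysk packages.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64/example:../lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/opt/example/lib]
"""

if __name__ == "__main__":
    for tag, entry, reason in audit_readelf_output(SAMPLE):
        print(f"{tag}: {entry!r}: {reason}")
```

To audit installed binaries, call `audit_file` on each path of interest, such as the `/usr/bin/f*` commands named in the description.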
