Security hole in GLIBC <= 2.12.1-2

hoschi · 2010-10-22 11:04:16

Information (english) http://www.h-online.com/open/news/item/ … 10182.html
Information (german) http://www.heise.de/security/meldung/Ro … 10035.html

http://koji.fedoraproject.org/koji/buil … dID=201079

* Tue Oct 19 2010 Andreas Schwab <schwab@redhat.com> - 2.12.1-3 - Update from 2.12 branch - Fix strstr and memmem algorithm (BZ#12092, #641124) - Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077) - Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)

Archlinux uses currently 2.12.1-2
And this looks like maybe?

I think we should update to 2.12.1-3, should be a save decision?

Last edited by hoschi (2010-10-22 12:16:47)

Allan · 2010-10-22 11:33:30

-2 and -3 are distro specfic. Fedora versions mean nothing to us.

hoschi · 2010-10-22 11:39:44

Well. Okay.
But we don't know why the bug (in this form) doesn't work?
So I think a new build with the $ORIGIN-Fix whould be a sane decision?

Allan · 2010-10-22 11:49:21

Why fix a bug that is not there?

hoschi · 2010-10-22 12:03:33

Using this fix and knowing that it is correctly fixed seems to be better, than not using the fix and don't know why only this lonely exploit doesn't work.
In other words, I prefer knowing over believing.

btw. In normal case the currenct fix will be included in next major release anyway

Pierre · 2010-10-22 12:04:16

The links you provided are mainly about the linux kernel exploit and the glibc bug is only mentioned at the end. The kernel bug is not fixed yet though.

ber_t · 2010-10-22 12:06:54

Is it already clear, that the bug isn't in arch's glibc or does the given exploit simply not work under arch?

wonder · 2010-10-22 12:09:28

@hoschi did you tried to exploit an arch system which is up to date?

Allan · 2010-10-22 12:13:45

hoschi wrote:

btw. In normal case the currenct fix will be included in next major release anyway

Well, it has not been committed to the glibc git repo yet... if it get put into the glibc-2.12 branch, I will do the rebuild.

hoschi · 2010-10-22 12:15:41

Pierre wrote:

The links you provided are mainly about the linux kernel exploit and the glibc bug is only mentioned at the end. The kernel bug is not fixed yet though.

Sorry.
http://www.h-online.com/open/news/item/ … 10182.html

hoschi · 2010-10-22 12:20:58

Allan wrote:

hoschi wrote:
btw. In normal case the currenct fix will be included in next major release anyway
Well, it has not been committed to the glibc git repo yet... if it get put into the glibc-2.12 branch, I will do the rebuild.

That sounds fine! I tought it is now in the glibc-2.12-branch. Fail...

I think that Andreas Schwab is member of the GLIBC-Crew. So I thought if he put the fix in fedora the fix is "automatic" also in the glibc-branch.
So you think the security hole itself is maybe caused by "special whatever additions or fixes" from fedora and other distros?

Last edited by hoschi (2010-10-22 12:23:51)

Allan · 2010-10-22 12:32:22

It is not even on the master branch...

combuster · 2010-10-22 12:35:45

http://seclists.org/fulldisclosure/2010/Oct/257

http://www.vsecurity.com/resources/advisory/20101019-1/

The other one is a kernel bug and it has been fixed in 2.6.36

Arch Linux

#1 2010-10-22 11:04:16

Security hole in GLIBC <= 2.12.1-2

#2 2010-10-22 11:33:30

Re: Security hole in GLIBC <= 2.12.1-2

#3 2010-10-22 11:39:44

Re: Security hole in GLIBC <= 2.12.1-2

#4 2010-10-22 11:49:21

Re: Security hole in GLIBC <= 2.12.1-2

#5 2010-10-22 12:03:33

Re: Security hole in GLIBC <= 2.12.1-2

#6 2010-10-22 12:04:16

Re: Security hole in GLIBC <= 2.12.1-2

#7 2010-10-22 12:06:54

Re: Security hole in GLIBC <= 2.12.1-2

#8 2010-10-22 12:09:28

Re: Security hole in GLIBC <= 2.12.1-2

#9 2010-10-22 12:13:45

Re: Security hole in GLIBC <= 2.12.1-2

#10 2010-10-22 12:15:41

Re: Security hole in GLIBC <= 2.12.1-2

#11 2010-10-22 12:20:58

Re: Security hole in GLIBC <= 2.12.1-2

#12 2010-10-22 12:32:22

Re: Security hole in GLIBC <= 2.12.1-2

#13 2010-10-22 12:35:45

Re: Security hole in GLIBC <= 2.12.1-2

Board footer