glibc: Code Execution Vulnerability

Users of glibc please be advised of a code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

SUSE-SA:2010:052: [SUSE-SA:2010:052] glibc code execution
Problem Description and Brief Discussion

The Linux C library glibc was updated to fix critical security issues and several bugs:

CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_

environment variables allowed local attackers to execute code in

context of e.g. setuid root programs, elevating privileges.

This specific issue did not affect SUSE as an assertion triggers

before the respective code is executed. The bug was fixed by this

update nevertheless.

Read more at http://www.criticalwatch.com

 

Advertisements