Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)
High Nessus Plugin ID 61837
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be specified with environment variables such as LD_PRELOAD. Because this is not acceptable for applications that are setuid root, ld.so normally removes these environment variables for setuid root programs. The discovered bug causes these environment variables to not be removed under certain circumstances. While setuid programs themselves are not vulnerable, external programs they execute can be affected by this problem.
A number of additional bugs have been found in the glibc locale and internationaliztion security checks. In internationalized programs, users are permitted to select a locale or choose message catalogues using environment variables such as LANG or LC_*. The content of these variables is then used as part of the pathname used to search message catalogues or locale files. Under normal circumstances, if these variables contained the '/' character, a program could load the internationalization files from arbitrary directories. This is not acceptable for setuid programs, which is the reason glibc does not allow certain settings of these variables if the program is setuid or setgid. However, some of these checks were done in inapporpriate places, contained bugs, or were missing entirely. It is highly probable that some of these bugs can be used for local root exploits.
Packages are now available for Linux-Mandrake 6.0 and 6.1.
SolutionUpdate the affected glibc, glibc-devel and / or glibc-profile packages.