Date: Wed, 18 Aug 2004 08:41:00 -0000
From: Thorsten Kukuk
To: libc-hacker@sources.redhat.com
Subject: Gentoo glibc security advisory
Message-ID: <20040818084135.GA6931@suse.de>
Organization: SuSE Linux AG, Nuernberg, Germany

Hi,

Gentoo has issued an advisory:

http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml

"An attacker can gain the list of symbols a SUID application uses and
their locations and can then use a trojaned library taking precedence
over those symbols to gain information or perform further exploitation."

with the following patch:

http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.1&content-type=text/vnd.viewcvs-markup

Does somebody know more about this?

Thorsten

-- 
Thorsten Kukuk    http://www.suse.de/~kukuk/    kukuk@suse.de
SuSE Linux AG     Maxfeldstr. 5                 D-90409 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B