[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2009-0876 (VirtualBox) references
From: Nico Golde <oss-security+ml () ngolde ! de>
Date: 2009-03-17 21:41:02
Message-ID: 20090317214102.GN19038 () ngolde ! de
[Download RAW message or body]
Hi,
* Steven M. Christey <coley@linus.mitre.org> [2009-03-17 21:54]:
> On Tue, 17 Mar 2009, Nico Golde wrote:
> > Any reason the CVE description says "Unspecified
> > vulnerability...via unknown vectors"?
>
> This was based on the original Sun alert. I cleaned up the description
> yesterday, and the CVE web site was updated today.
Ok
> > Looking at the Gentoo bug report[0] it seems obvious to me
> > that this is caused by insecurely loading shared libraries
> > so you can inject your own shared lib code.
> >
> > [0] https://bugs.gentoo.org/show_bug.cgi?id=260331#c0
>
> It wasn't particularly obvious to me. I may be getting hung up on the use
> of hardlinks.
>
> Is the problem that the executable includes a "." in its library path
> (presumably DT_RPATH), and that path isn't cleansed until later during
> program execution? If it's just that, then the use of a hardlink doesn't
> seem to be essential - the attacker could run the program from their own
> directory. Or, is it that the executable eventually removes "." from its
> path, but not before some libraries have already been loaded?
From what I understood the last one is true but I am also
not 100% sure as the information about this is really rare.
The current (updated) version of the description however
looks fine to me.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic