BID:17288

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

Info

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

Bugtraq ID:	17288
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Mar 28 2006 12:00AM
Updated:	Mar 29 2006 12:53AM
Credit:	The vendor disclosed this issue.
Vulnerable:	Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1

Not Vulnerable:

Discussion

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

Multiple packages in Debian GNU/Linux are susceptible to an insecure RUNPATH vulnerability. This issue is due to a flaw in the build system that results in insecure RUNPATHs being included in certain binaries.

This vulnerability may result in arbitrary code being executed in the context of users who run the vulnerable executables. This may facilitate privilege escalation.

Exploit / POC

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

An exploit is not required.

Solution / Fix

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

Solution:
Debian GNU/Linux has released fixed builds of the following package:

- libapache2-svn

Users should employ the 'apt-get' utility to ensure that fixed versions of affected packages are installed.

References

Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability

References:

Debian Bug report logs - #346322 (Debian)
Debian Bug report logs - #359234 (Debian)
Debian Bug report logs - #359239 (Debian)
Debian Homepage (Debian)