Gentoo Archives: gentoo-security

From: dev-random@××××.ru
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] #342619 RESOLVED WONTFIX
Date: Thu, 28 Oct 2010 01:04:54
Message-Id: 20101028002353.GA10276@localhost
In Reply to: Re: [gentoo-security] #342619 RESOLVED WONTFIX by Volker Armin Hemmann
1 On Wed, Oct 27, 2010 at 08:33:56PM +0200, Volker Armin Hemmann wrote:
2 > please show me some enterprise distros incorporating that patch.
3
4 I didn't test that patch; even if it's incorrect, bugreport is not about
5 a patch. It's about a security issue.
6
7 For example, look here:
8 http://seclists.org/fulldisclosure/2010/Oct/344
9
10 This proof-of-concept exploit still works in gentoo (amd64 stable at least,
11 even hardened!), because some dangerous variables are not filtered out.
12
13 (note if you want to test it: vixie-cron won't execute created file
14 because it's not executable. Either use another crond, or use exploit to
15 create e.g. udev rule instead of crontab entry).
16
17
18 Another similar vulunerability caused by not filtering some variables was
19 found about a week ago. I don't know if it still works in Gentoo, because
20 hardened is not affected by that one.
21 http://seclists.org/fulldisclosure/2010/Oct/257

Replies

Subject Author
Re: [gentoo-security] #342619 RESOLVED WONTFIX Pavel Labushev <p.labushev@×××××.com>