LinuxQuestions.org
Old 04-08-2010, 04:46 PM   #1
jayjwa
Local Glibc shared library (.so) exploit


I've been looking a while now, but no patch for this has been found yet. Does anyone have more info, or better, a fix? Last version from GNU's ftp server is also vuln as of this writing.

http://packetstorm.linuxsecurity.com...glibc-exec.txt

Tested working here with FF and glibc-2.11.1
 
Old 04-08-2010, 07:39 PM   #2
unSpawn
If you block out the sensationalist talk about exploits 'n stuff then the intro basically reads:
"Applications in linux use shared libraries.
Shared libraries are initialized during startup.
dlopen() is used for initializing a shared library.
The _init section is always executed when dlopen is called."

Sounds OK to me. The two examples listed 0) custom compiled file and 1) overwriting plugin are external, meaning they are AFAIK not a vulnerability of the usage of shared libraries. (And offering users a shell is a known security hazard as is offering users access to a compiler, right?) If we take FF as an example then AFAIK there is no ~/.mozilla/firefox/${Id}/plugins/ directory (haven't checked if FF searches for it and would use one if found). A regular FF installation resides in any /{usr,opt,whatever}/installpath/firefox/ system path which commonly is owned by root and writable only by root. So in this example being able to inject Xlibx.so into FF to me would seem to depend on root account rights meaning 0) a preceding compromise by other means, a way to inject the library in a currently running process or tricking root into loading or installing it. That's my take on it but then again I ain't no guru.
 
1 members found this post helpful.
Old 04-09-2010, 03:44 AM   #3
jayjwa
It didn't seem that serious to me either at first look, but knowing how, when in combination with other issues (setuid root apps?), these things sometimes balloon into bigger security hazards, I thought I'd post it. The ~/.mozilla/plugins directory had to be created on my system. It's likely the default plugin loading place for all mozilla apps that use plugins, and not Firefox specific (ex. Seamonkey might access it as well).
 
Old 04-09-2010, 11:45 AM   #4
unSpawn
Quote:
Originally Posted by jayjwa
It didn't seem that serious to me either at first look, but knowing how, when in combination with other issues (setuid root apps?), these things sometimes balloon into bigger security hazards, I thought I'd post it.
I'm not criticizing your OP in any way. I think it's always good to post. After all more eyeballs means more knowledge, more experience and more points of view. And I don't know everything, right?


Quote:
Originally Posted by jayjwa
The ~/.mozilla/plugins directory had to be created on my system. It's likely the default plugin loading place for all mozilla apps that use plugins, and not Firefox specific (ex. Seamonkey might access it as well).
Ah, you're right. I was mistakenly looking for ~/.mozilla/firefox/${PROFILE_NAME}/plugins instead of ~/.mozilla/plugins...
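
The thread comes down to who can write to a directory that plugins are loaded from with dlopen(). As an added example (not part of the original thread), this POSIX shell function audits such a directory for ownership, loose permissions and the shared objects present; the function names, the finding tags and the `FIREFOX_DIR` default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit directories that an application
# loads plugins from with dlopen(). A library's init code runs in the host
# process at load time, so the question is who can put a .so there.

# audit_plugin_dir DIR OWNER_UID
# Prints one "<TAG> <path>" line per finding:
#   DIR-OWNER  directory not owned by OWNER_UID
#   DIR-LOOSE  directory writable by group or others
#   SO-OWNER   shared object not owned by OWNER_UID
#   SO-LOOSE   shared object writable by group or others
#   SO-FOUND   shared object present (always listed, for review)
audit_plugin_dir() {
    dir=$1 uid=$2
    [ -d "$dir" ] || return 0      # an absent directory is not a finding
    # -prune tests the directory itself without descending into it
    find "$dir" -prune ! -user "$uid" -exec echo DIR-OWNER {} \;
    find "$dir" -prune \( -perm -020 -o -perm -002 \) -exec echo DIR-LOOSE {} \;
    find "$dir" -type f -name '*.so' ! -user "$uid" -exec echo SO-OWNER {} \;
    find "$dir" -type f -name '*.so' \( -perm -020 -o -perm -002 \) \
        -exec echo SO-LOOSE {} \;
    find "$dir" -type f -name '*.so' -exec echo SO-FOUND {} \;
}

# ~/.mozilla/plugins is the per-user directory named in the thread and is
# expected to belong to the user. FIREFOX_DIR is an assumed install path
# (set it to match your system) and is expected to belong to root (uid 0).
audit_defaults() {
    audit_plugin_dir "${HOME:-/nonexistent}/.mozilla/plugins" "$(id -u)"
    audit_plugin_dir "${FIREFOX_DIR:-/usr/lib/firefox}" 0
}

# Run the default audit only when asked: sh audit.sh --defaults
if [ "${1:-}" = "--defaults" ]; then audit_defaults; fi
```

Every `SO-FOUND` line in a per-user directory is worth tracing back to a package or a known install, since nothing but the user's own account protects that location.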
 
  


All times are GMT -5.