Michael Jennings discovered an exploitable buffer overflow in the
configuration engine of LibAST.
Impact
======
The vulnerability can be exploited to gain escalated privileges if the
application using LibAST is setuid/setgid and passes a specifically
crafted filename to LibAST's configuration engine.
Workaround
==========
Identify all applications linking against LibAST and verify they are
not setuid/setgid.
Resolution
==========
All users should upgrade to the latest version and run revdep-rebuild:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Gentoo Linux Security Advisory GLSA 200601-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: LibAST: Privilege escalation
Date: January 29, 2006
Bugs: #120106
ID: 200601-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A buffer overflow in LibAST may result in execution of arbitrary code
with escalated privileges.
Background
==========
LibAST is a utility library that was originally intended to accompany
Eterm, but may be used by various other applications.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 x11-libs/libast < 0.7 >= 0.7
Description
===========
Michael Jennings discovered an exploitable buffer overflow in the
configuration engine of LibAST.
Impact
======
The vulnerability can be exploited to gain escalated privileges if the
application using LibAST is setuid/setgid and passes a specifically
crafted filename to LibAST's configuration engine.
Workaround
==========
Identify all applications linking against LibAST and verify they are
not setuid/setgid.
Resolution
==========
All users should upgrade to the latest version and run revdep-rebuild:
# emerge --sync
# emerge --ask --oneshot --verbose >=x11-libs/libast-0.7
# revdep-rebuild
References
==========
[ 1 ] CVE-2006-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200601-14.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQBD3M3FzKC5hMHO6rkRAgIcAKCHIaW4xHKG3IKBaJxJeuJ20Z2C7gCfYDi7
AjPhQPfAefQ+Rnwydb2kz3k=
=mkjD
-----END PGP SIGNATURE-----
[ reply ]