- Author: Miklos Vajna
- Vulnerable: 2.11.1-1
- Unaffected: 2.11.1-2locris1
Dan Rosenberg reported two security issues in glibc:
- “ncpmount” and “mount.cifs” failed to properly sanitize provided mountpoint directory names (specifically, special characters such as newlines were not stripped). An attacker could create a directory with newline characters in its name and issue an ncpmount / mount.cifs command to mount to that directory, allowing them to corrupt /etc/mtab and potentially add unauthorized mounting options for other devices.
- A memory corruption vulnerability in ld.so: When processing maliciously crafted ELF binaries using ld.so, regardless of whether execution of those binaries is intended (for example, using the “–verify” flag, which should not lead to any code execution), arbitrary code execution can be achieved.
- Bug Tracker URL: http://bugs.frugalware.org/task/4166