[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] glibc <= 2.1.3 vulnerabilities
- Subject: [cobalt-security] glibc <= 2.1.3 vulnerabilities
- From: dfdml@xxxxxxxxxxx
- Date: Tue, 05 Sep 2000 09:42:16 -0400
Hi,
I just wanted to point out several issues related to glibc security that
has recently been discussed on the bugtraq list however I've yet to see any
patches from cobalt regarding this. They are ultimately local root
vulnerabilities but unless you dont allow cgi scripts its probably
exploitable through those means as well. For more information, please have
a look at:
http://marc.theaimsgroup.com/?l=bugtraq&m=96809992028030&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=96809850526216&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=96809981627942&w=2
My best guess is that all cobalt's products are vulnerable; at least the
following appear to be:
RAQ1 glibc-2.0.7-7
RAQ2 glibc-2.0.7-10
RAQ3 glibc-2.1.1-6
RAQ4 glibc-2.1.3-15C1
Qube2 glibc-2.0.7-10
Hopefully cobalt will expedite the fixes related to this, allthough based
on past performance I wouldn't hold my breath.
- Dave