Your message dated Fri, 8 Oct 2010 18:46:10 +0200
with message-id <20101008164610.gc9...@inutil.org>
and subject line Re: CouchDB insecure library loading
has caused the Debian Bug report #594412,
regarding CouchDB insecure library loading
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
594412: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: couchdb
Severity: grave
Tags: security
The following was posted to oss-security:

Date: Wed, 25 Aug 2010 14:52:52 -0400
From: Dan Rosenberg <dan.j.rosenb...@gmail.com>
Subject: [oss-security] CVE request: CouchDB insecure library loading
(Debian/Ubuntu only)

I discovered that the /usr/bin/couchdb script on Debian/Ubuntu sets an
insecure LD_LIBRARY_PATH environment variable, such that libraries
from the current directory are loaded. If a local attacker placed a
maliciously crafted shared library in a directory and an administrator
were tricked into launching CouchDB from this directory, arbitrary
code execution could be achieved. This vulnerability is only
triggered when the /usr/bin/couchdb script is executed explicitly,
since the init script (/etc/init.d/couchdb) changes the current
directory before launching CouchDB.

The vulnerability was introduced by Debian patch
"mozjs1.9_ldlibpath.patch" on 3/24/2009.

Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages couchdb depends on:
ii adduser 3.112 add and remove users and groups
pn erlang-abi-11.b.3 <none> (no description available)
pn erlang-nox <none> (no description available)
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
pn libicu38 <none> (no description available)
pn libmozjs1d <none> (no description available)
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
couchdb recommends no packages.
couchdb suggests no packages.
--- End Message ---
--- Begin Message ---
Version: 0.11.0-1
--- End Message ---
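
Added example (not part of the bug report, and not the code of the Debian patch, whose contents this page does not show): a shell check for LD_LIBRARY_PATH values that make the glibc loader search the current directory, next to a prepend helper that avoids it. It assumes the common way this class of bug arises, prepending a directory to an unset variable so that an empty entry is left behind; /usr/lib/example and all function names are placeholders.

```shell
#!/bin/sh
# Added example; /usr/lib/example is a constructed placeholder directory.

# Return 0 if a colon-separated library path has an entry the loader resolves
# against the current directory: an empty entry (leading, trailing or doubled
# colon) or any relative entry such as "." or "lib".
path_has_cwd_entry() {
    rest=$1
    [ -n "$rest" ] || return 1          # unset/empty variable is ignored by ld.so
    while :; do
        entry=${rest%%:*}
        case "$entry" in
            /*) ;;                      # absolute entry: fine
            *)  return 0 ;;             # empty or relative entry
        esac
        case "$rest" in
            *:*) rest=${rest#*:} ;;     # move to the next entry
            *)   return 1 ;;            # last entry checked
        esac
    done
}

# Keep only absolute entries of a library path.
sanitize_lib_path() {
    rest=$1 out=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        case "$entry" in /*) out=${out:+$out:}$entry ;; esac
        case "$rest" in *:*) rest=${rest#*:} ;; *) rest= ;; esac
    done
    printf '%s' "$out"
}

# Unsafe idiom: with an empty old value this yields "DIR:" (trailing empty entry).
unsafe_prepend() { printf '%s' "$1:$2"; }

# Safe idiom: add the separator only when a cleaned old value remains.
safe_prepend() {
    clean=$(sanitize_lib_path "$2")
    printf '%s' "$1${clean:+:$clean}"
}

# Constructed demo: the caller's LD_LIBRARY_PATH is unset.
old=
for candidate in "$(unsafe_prepend /usr/lib/example "$old")" "$(safe_prepend /usr/lib/example "$old")"; do
    if path_has_cwd_entry "$candidate"; then verdict="searches current directory"; else verdict="ok"; fi
    printf '%-22s %s\n' "'$candidate'" "$verdict"
done
```

The same check can be run over wrapper scripts in a package audit by evaluating the value they export with the variable unset.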