
Re: [linux-security] glibc glob bug (Debian)



On Fri, Dec 28, 2001 at 04:53:14PM -0800, Martin Siegert wrote:
> Topic
> =====
> A buffer overflow in the glob function of the glibc library exists. Since
> this function is called, e.g., by the ftp daemon this bug can lead to a
> remote root exploit.
> It is strongly advised to upgrade immediately.
> 
> Problem Description
> ===================
> The glibc glob() function allows programs to search for path names matching
> specific patterns according to the rules used by the shell. Glibc also implements
> the globfree() function which free()'s memory used earlier by other glob()
> matches. The glob function itself may encounter errors when handling strings
> ending with the "{" character. By carefully crafting user input to programs
> such as the ftp daemon that use the glob and the globfree functions it is
> possible to corrupt the memory space of the program. By carefully crafting
> user input to such daemons it is possible to corrupt memory space of the
> process. Ultimately the result of this would be an ability to execute
> arbitrary commands with the privileges of the server process, in most cases
> root.
> 
> Affected Systems
> ================
> All versions of glibc, hence all Linux distributions.
> 
> Solution
> ========
> Upgrade to a patched version of glibc for your distribution.

Debian 2.2 (potato)
-------------------
Upgrade to the following packages:

libc6_2.1.3-20_i386.deb
libc6-dbg_2.1.3-20_i386.deb
libc6-dev_2.1.3-20_i386.deb
libc6-pic_2.1.3-20_i386.deb
libc6-prof_2.1.3-20_i386.deb
libnss1-compat_2.1.3-20_i386.deb
locales_2.1.3-20_i386.deb
nscd_2.1.3-20_i386.deb
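
Added example, not part of the original thread and not the glibc fix: a caller-side check that a daemon could apply to untrusted patterns before they reach glob() and globfree(), rejecting the unterminated "{" case the advisory describes. The function names and MAX_PATTERN are hypothetical; upgrading glibc remains the actual remedy.

```c
#include <glob.h>
#include <string.h>

#ifndef GLOB_BRACE          /* GNU extension; absent on some libcs */
#define GLOB_BRACE 0
#endif
#define MAX_PATTERN 256     /* assumed limit for this example */

/* Return 1 if the pattern is non-empty, bounded in length and every '{'
 * has a matching '}'. A backslash escapes the next character. Stray '}'
 * is rejected too, which is stricter than glob() itself. */
int pattern_is_balanced(const char *p)
{
    size_t len = strlen(p);
    int depth = 0;

    if (len == 0 || len > MAX_PATTERN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] == '\\') {
            if (++i == len) return 0;       /* trailing backslash */
        } else if (p[i] == '{') {
            depth++;
        } else if (p[i] == '}') {
            if (depth-- == 0) return 0;     /* close without open */
        }
    }
    return depth == 0;                      /* 0 if a '{' is left open */
}

/* Return the number of matches, or -1 if the pattern was rejected or
 * glob() reported an error other than "no match". */
long checked_glob_count(const char *pattern)
{
    glob_t g;
    long n = -1;
    int rc;

    if (!pattern_is_balanced(pattern))
        return -1;                          /* never handed to glob() */
    memset(&g, 0, sizeof g);
    rc = glob(pattern, GLOB_BRACE, NULL, &g);
    if (rc == 0)
        n = (long)g.gl_pathc;
    else if (rc == GLOB_NOMATCH)
        n = 0;
    globfree(&g);                           /* g is zeroed or set by glob() */
    return n;
}
```
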