[CentOS] install older version of glibc package
cap at nsc.liu.se
Tue Oct 26 05:34:52 EDT 2010
On Monday 25 October 2010, Peter Kjellstrom wrote:
> On Monday 25 October 2010, Sherin George wrote:
> > Hello Guys,
> > Recently, I have installed some custom packages of glibc in servers I
> > manage due to vulnerabilities. At that time, official centos packages
> > were not available. Now, I want to roll back to centos versions.
> Do note that this new (and probably your custom built) glibc is vulnerable
> to a new trivial local root
Turns out that getting root with 3856 on CentOS-5 at least isn't
copy-n-paste-trivial. The suggested exploit using libpcprofile.so fails since
that file comes from glibc-utils which (afaict) typically isn't installed.
That said, it seems very likely that there are other ways to exploit 3856 on
CentOS-5 so do not in any way interpret this as "let's skip the update".
> (so you may want to build yet another custom
> version instead of switching back):