| Summary: | DLL hijacking exploit | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Eclipse Project] Equinox | Reporter: | Andrew Niefer <aniefer> | ||||||||
| Component: | Framework | Assignee: | equinox.framework-inbox <equinox.framework-inbox> | ||||||||
| Status: | RESOLVED FIXED | QA Contact: | |||||||||
| Severity: | normal | ||||||||||
| Priority: | P3 | CC: | aniefer, jdmiles, john.arthorne, mukund, raji, remy.suen, stephen.francisco, tjwatson | ||||||||
| Version: | 3.3.1 | Flags: | tjwatson:
review+
|
||||||||
| Target Milestone: | 3.4.2+ | ||||||||||
| Hardware: | PC | ||||||||||
| OS: | All | ||||||||||
| Whiteboard: | |||||||||||
| Bug Depends on: | 325294 | ||||||||||
| Bug Blocks: | |||||||||||
| Attachments: |
|
||||||||||
|
Description
Andrew Niefer
Created attachment 179342 [details]
patch against 34x branch
Created attachment 179343 [details]
build script changes for compiling on win32
Created attachment 179346 [details]
patch against 34x branch (w/o whitespace changes)
I have reproduced all three of the shared library, vm and library.jar attacks on linux.gtk.x86 and have confirmed that this patch fixes them. Binaries are recompiled and released. Tagged as R34x_20100922 (In reply to comment #5) > Binaries are recompiled and released. Tagged as R34x_20100922 The map file indicates R34x_v20100922 tag was used (with a 'v'). Yes, sorry, the tag contains a 'v', this was just a typo in the comment here. Removing security advisories group. The fix is available in 3.6.2, and the exploit is already public anyway (see comment #0). |