Debian Security Advisory
ldso -- buffer overflow
- Date Reported:
- undated
- Affected Packages:
- ldso
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
Local users may gain root privileges by exploiting a buffer overflow
in the dynamic linker (ld.so).
The vulnerability may also allow remote users to obtain root access.
This paragraph was extracted from CIAC h-86 (see References):
On Linux, programs linked against shared libraries execute some code contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for ELF binaries), which loads the shared libraries and binds all symbols. If an error occurs during this stage, an error message is printed and the program terminates. The printf replacement used at this stage is not protected from buffer overruns.References:
Fixes: ldso-1.8.11 or later
- Fixed in:
- All - (in release 1.1) 1.8.11