Debian Security Advisory

ldso -- buffer overflow

Date Reported: undated
Affected Packages: ldso
Vulnerable: Yes
Security database references: No other external database security references currently available.
More information:
Local users may gain root privileges by exploiting a buffer overflow in the dynamic linker (ld.so).

The vulnerability may also allow remote users to obtain root access.

This paragraph was extracted from CIAC h-86 (see References):
On Linux, programs linked against shared libraries execute some code contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for ELF binaries), which loads the shared libraries and binds all symbols. If an error occurs during this stage, an error message is printed and the program terminates. The printf replacement used at this stage is not protected from buffer overruns.
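
The following is an added example, not code from ldso or from the advisory: a minimal printf replacement of the kind described above, writing an error message into a fixed-size buffer with every store bounds-checked so that an overlong library name is truncated instead of overrunning the buffer. The names `bounded_fmt` and `put_ch`, the supported directives (`%s` and `%%`), and the sample library name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Store c only while room remains for it plus the final NUL; *len keeps
 * counting either way so the caller can detect truncation. */
static void put_ch(char *buf, size_t cap, size_t *len, char c)
{
    if (*len + 1 < cap)
        buf[*len] = c;
    (*len)++;
}

/* Hypothetical minimal printf replacement (%s and %% only). Never writes
 * past buf[cap-1]; returns the length the full message needed, so a
 * result >= cap means the output was truncated. */
size_t bounded_fmt(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    size_t len = 0;

    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (fmt[0] == '%' && fmt[1] == 's') {
            const char *s = va_arg(ap, const char *);
            for (s = s ? s : "(null)"; *s; s++)
                put_ch(buf, cap, &len, *s);
            fmt++;
        } else {
            if (fmt[0] == '%' && fmt[1] == '%')
                fmt++;                     /* "%%" emits one '%' */
            put_ch(buf, cap, &len, *fmt);  /* literal or unknown directive */
        }
    }
    va_end(ap);
    if (cap > 0)
        buf[len < cap ? len : cap - 1] = '\0';
    return len;
}

int main(void)
{
    char msg[32];  /* constructed sample: fixed-size error buffer */
    size_t need = bounded_fmt(msg, sizeof msg, "%s: can't load library '%s'",
                              "ld.so", "libconstructed-long-name.so.1");
    printf("%s\n(stored %zu of %zu bytes)\n", msg, strlen(msg), need);
    return 0;
}
```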

References:

Fixes: ldso-1.8.11 or later

Fixed in:
All - (in release 1.1) 1.8.11