Home page logo
/

bugtraq logo Bugtraq mailing list archives

ld.so vulnerability
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 22 Jul 1997 08:47:43 -0500


---------- Forwarded message ----------
Date: Tue, 22 Jul 1997 10:20:46 +0200
From: Olaf Kirch <okir () monad swb de>
To: linux-alert () redhat com
Cc: linux-security () redhat com
Subject: [linux-security] ld.so vulnerability

-----BEGIN PGP SIGNED MESSAGE-----



                    ld.so Vulnerability

A buffer overflow problem was reported on bugtraq affecting the
ELF and a.out program loaders on Linux. This problem can possibly be
exploited by malicious users to obtain root access.

On Linux, programs linked against shared libraries execute some code
contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for
ELF binaries), which loads the shared libraries and binds all symbols.
If an error occurs during this stage, an error message is printed
and the program terminates. The printf replacement used at this stage
is not protected from buffer overruns.

David Engel has released a fixed ld.so as

  ftp://ftp.ods.com/pub/linux/ld.so-1.9.3.tar.gz
  ftp://i44ftp.info.uni-karlsruhe.de/pub/linux/ld..so/ld.so-1.9.3.tar.gz

This release should soon appear on sunsite.unc.edu in /pub/Linux/GCC.
Note that ld.so-1.9 does not support the old a.out format anymore.

The following Linux distribution maintainers and vendors have released
fixed packages of ld.so:

- ------------------------------------------------------------------
                    VENDOR INFORMATION
- ------------------------------------------------------------------
Vendor:         S.u.S.E
Product:        S.u.S.E Linux 5.0
Status:         Affected, fix available
Location:       ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/a1
Files:          c7648fbfd29fc56905e1d569f617a811  ld.so-1.9.3.dif
                c7fba9a7f4040812307841f683ef4abc  ld.so-1.9.3.tar.gz
                19f71cfc08a69d8ecf1703e5307459a0  ldso.changes
                fd64cc73f699a2c28a809e1b7b61700e  ldso.rpm
                b3f1350e916381bd7e97c7087fc49535  ldso.tgz


Vendor:         Caldera
Product:        Caldera OpenLinux Lite, Base and Standard 1.1
Status:         Affected, fix available
Location:       ftp://ftp.caldera.com/pub/openlinux/updates/1.1/004
Files:          2fed2dd482fe44e020a4bd40fdd2059e  ld.so-1.7.14-5.src.rpm
                572974e8f777b6da7d67aed15db9c115  ld.so-1.7.14-5.i386.rpm
Note:           ELF support only.

Vendor:         RedHat
Product:        RedHat Linux 4.0, 4.1 and 4.2
Status:         Affected, fix available
Location:       ftp://ftp.redhat.com/updates/4.2
Files:          d8883e254021de3058b9c7d3174e9b28  i386/ld.so-1.7.14-5.i386.rpm
                2ab8e35978d81a57a340c81584e78785  sparc/ld.so-sparc-1.8.3-3.sparc.rpm
Note:           Files pgp-signed, key available from install CD or
                PGP key servers.

Vendor:         Debian
Product:        Debian GNU/Linux
Status:         Affected, fix available
Location:       ftp://ftp.debian.org/debian/bo-updates
Files:          c044d31c1a7f434837ec648c97481b76  ld.so_1.8.10-2.1.dsc
                bd6a94d00b6aeb10363b92e4f77a1a30  ld.so_1.8.10-2.1.tar.gz
                edea24550bf5f5a3c92a4a6319fe60b0  ldso_1.8.10-2.1_i386.deb

Vendor:         Delix
Product:        DLD 5.2
Status:         Affected, fix available
Location:       ftp://ftp.delix.de/pub/Linux/DLD-5.2/updates
Files:          156f551820e1f7305cf2c19d1cbddc68 *ld.so-1.9.2-3.i386.rpm
                bbeb99ac166d5c7cfde52346949da363 *ld.so-devel-1.9.2-3.i386.rpm

Vendor:         LST
Product:        LST Power Linux 2.2
Status:         Affected, fix available
Location:       Same as for Caldera above.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBM9RqfuFnVHXv40etAQGTawP/Srnw8tmTTkLuZrxsx49qEw3jP3hM8DdM
qeiVd8DyztiphIpIgPpWYr79e6z4/6tViDA0Cpb+ZbJ2axe7k0Dg9Ypd8k6C1cC5
L6qKo+pHbTBn7F31OEerrqniaYyVuVWdsD3tDWsItKsYqBJy5+jiRvMC3RzFqUNk
mpdo1mnqJiw=
=I/YT
-----END PGP SIGNATURE-----
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () lst de        +-------------------- Why Not?! -----------------------
              finger okir () brewhq swb de for PGP key



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault