Full Disclosure mailing list archives

Re: ltrace bug


From: Jirka Kosina <jikos () jikos cz>
Date: Wed, 8 Oct 2003 01:58:57 +0200 (CEST)

On Wed, 8 Oct 2003, Abhisek Datta wrote:

> A heap based buffer overrun bug is identified in ltrace 'Library Call
> Tracer' utility version 0.3.10-12 which allows execution of arbitrary
> code with root privilege by corrupting the heap.

I don't see any way how this bug could allow execution of code with root
privileges, as far as ltrace is not suid root.

-- 
JiKos.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

