OSVDB ID: 17614

Title: Solaris Runtime Linker (ld.so.1) Arbitrary Privileged Code Execution

Info

Disclosure
Jun 27, 2005

Discovery
Unknown

Dates

Exploit
Jun 27, 2005

Solution
Unknown

Description

 A local overflow exists in Sun Solaris Runtime Linker. The runtime linker, ld.so.1, fails to check the LD_AUDIT environment variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with elevated privileges resulting in a loss of confidentiality and/or integrity.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

 Upgrade to version as indicated by vendor advisory, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sun Microsystems, Inc.

Solaris

 10

Solaris (SPARC)

 8 109147-31
8 109147-32
8 109147-33
8 109147-34
8 109147-35
8 109147-36
9 112963-16
9 112963-17
9 112963-18
9 112963-19

Solaris (x86)

 8 109148-31
8 109148-32
8 109148-33
8 109148-34
8 109148-35
8 109148-36
9 113986-12
9 113986-13
9 113986-14
9 113986-15

References

Credit
  • Przemyslaw Frasunek - venglinfreebsd.lublin.pl - Przemyslaw Frasunek


Direct URL: http://osvdb.org/17614