OSVDB ID: 8722

Title: Solaris ld.so.1 LD_PRELOAD Variable Local Overflow

Info

Dates

Disclosure: Jul 29, 2003
Discovery: Unknown
Exploit: Dec 22, 2004
Solution: Unknown

Description

A local overflow exists in Sun Solaris. Solaris fails to handle an overly long LD_PRELOAD environment variable while launching SUID/SGID executables, resulting in a stack-based overflow. By setting LD_PRELOAD to a specially crafted value, an attacker can cause a denial of service or even execute arbitrary code with elevated privileges, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.

Products

Sun Microsystems, Inc.

Solaris

2.6
7
8
9

References

Credit

  • Jouko Pynnonen - joukoiki.fi - Personal Page


Direct URL: http://osvdb.org/8722