linux ld.so vuln - CSSA-2000-028.0

["Seth D. Leonard" <teak () BELLSOUTH NET>]

this is regarding the linux ld.so unsetenv problem, announced by Caldera a few days ago:

http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt

for anyone interested, i've put together a demonstration of this problem. the conditions which cause the bug are 
probably rare to find in real-world suid programs. there is an example vulnerable program included in the tarball. in 
the short testing performed on a linux SuSE 6.2 box, i didn't find common suid programs to be vulnerable (i tested only 
sendmail & rcp). i didn't do any tests with perl, but suid perl could potentially produce tasty results.

i'd love to hear reports of any vulnerable applications...

nimrood@efnet

Attachment: rumple.tgz
Description: