Bugtraq mailing list archives

Re: LD_PROFILE local root exploit for solaris 2.6


From: edaniel () EE TAMU EDU (Eric Daniel)
Date: Tue, 28 Sep 1999 11:44:40 -0500


On Fri, Sep 24, 1999 at 10:30:32AM +0200, Casper Dik wrote:
> This is bug 4150646 (or rather, 1241843, which resurfaced after an
> extensive rewrite of the dynamic linker)
>
> It's been fixed in Solaris 7 and with the following patches in other
> releases:
>
> 103242-07: SunOS 5.5: linker patch

It seems that the hole was fixed in the 103242-05 patch, but came back in
the 103242-07 patch. If you can't apply a patch immediately, one simple
workaround is to remove /usr/ccs/lib/link_audit/ldprof.so.1 (if you don't
care about profiling).

Note that this workaround doesn't work for other instances of this bug:
for instance, under SunOS 5.5.1 with the 103627-02 patch, any file
ldprof.so.1 in LD_LIBRARY_PATH will be loaded.

Eric Daniel
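
A defensive check built on the two observations in the message above, added here as an example (it is not part of the original post and not Sun tooling): it reports whether the stock profiling library is still installed and whether any directory on a library search path holds a file named ldprof.so.1. The function names are made up for this example, and treating an empty path element as the current directory is a conservative assumption.

```shell
#!/bin/sh
# Added example: audit for copies of ldprof.so.1.
# Needs a POSIX shell (ksh works); the legacy Bourne /bin/sh lacks ${var%%...}.
LDPROF_NAME="ldprof.so.1"
LDPROF_STOCK="/usr/ccs/lib/link_audit/ldprof.so.1"   # path named in the post

# find_ldprof "dir1:dir2:..." -> prints one line per ldprof.so.1 found
# in the listed directories (hypothetical helper, not a system command).
find_ldprof() {
    list=$1
    [ -z "$list" ] && return 0        # unset/empty path: nothing to scan
    rest="$list:"                     # trailing colon so the last element is seen
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        # Assumption: an empty element is searched as the current directory.
        [ -z "$dir" ] && dir="."
        if [ -e "$dir/$LDPROF_NAME" ] || [ -L "$dir/$LDPROF_NAME" ]; then
            printf '%s\n' "$dir/$LDPROF_NAME"
        fi
    done
}

# audit_ldprof [path-list] -> returns 1 if the stock library is installed
# or any copy sits on the path list (default: $LD_LIBRARY_PATH), else 0.
audit_ldprof() {
    hits=$(find_ldprof "${1-$LD_LIBRARY_PATH}")
    rc=0
    if [ -e "$LDPROF_STOCK" ]; then
        echo "installed: $LDPROF_STOCK (remove if profiling is not needed)"
        rc=1
    fi
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | while IFS= read -r f; do
            echo "on library path: $f"
            ls -ld "$f"               # show owner and mode for review
        done
        rc=1
    fi
    return $rc
}
```

Run `audit_ldprof` with no argument to check the current environment, or pass a colon-separated list taken from a service's startup script.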

