The GNU C library dynamic linker: dlopen arbitrary DSOs during setuid loads

Users of The GNU C library dynamic linker please be advised of a dlopen arbitrary DSOs during setuid loads vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

GNU-SA-10/22/2010: The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

Consequences

———————–

This is a low impact issue that is only of interest to security

professionals and system administrators, end users do not need to be

concerned.

It is possible to exploit this confusion to execute arbitrary code as root.

The exact steps required to exploit this vulnerability will vary from

distribution to distributionRead more at http://www.criticalwatch.com

 

Advertisements