Description
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
Affected products
- caldera / openlinux_lite1.1 – 1.1
- Debian / debian_linux4.0 – 4.0
- delix / dld5.2 – 5.2
- lst / lst_power_linux2.2 – 2.2
- RedHat / linux4.0 – 4.0
- RedHat / linux4.1 – 4.1
- RedHat / linux4.2 – 4.2
- SUSE / suse_linux5.0 – 5.0
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=88661732807795&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=87602661419351&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=87602661419318&w=2