Category:   OS (UNIX)  >   ld.so.1
Vendors:   Sun
(Sun Issues Fix) Sun Solaris 'ld.so' LD_AUDIT Validation Error Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1014537
SecurityTracker URL:  http://securitytracker.com/id/1014537
CVE Reference:   CVE-2005-2072
Updated:  Jul 6 2008
Original Entry Date:  Jul 20 2005
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8, 9, 10
Description:   A vulnerability was reported in Sun Solaris in 'ld.so'. A local user may be able to gain elevated privileges.

The 'ld.so' loader does not properly validate the user-supplied LD_AUDIT environment variable when executing binaries with elevated privileges. A local user can place arbitrary code in a dynamic library and set LD_AUDIT to point to that library. When a set user id (setuid) or set group id (setgid) binary is then invoked, the loader may execute that code with elevated privileges.

Przemyslaw Frasunek reported this vulnerability.

Impact:   A local user may be able to execute arbitrary code with elevated privileges.
Solution:   Sun has issued the following fixes.

This issue is addressed in the following releases:

SPARC Platform

Solaris 8 with patch 109147-37 or later
Solaris 9 with patch 112963-22 or later
Solaris 10 with patch 117461-04 or later

x86 Platform

Solaris 8 with patch 109148-37 or later
Solaris 9 with patch 113986-18 or later

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
Cause:   Access control error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 28 2005 Sun Solaris 'ld.so' LD_AUDIT Validation Error Lets Local Users Gain Elevated Privileges
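
A patch-level check against the fix list under Solution, as an added example that is not part of the advisory or Sun's tooling. It assumes saved `showrev -p` output is analysed on any host with a POSIX shell and awk; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Patch IDs below are copied from the
# advisory's fix list; Solaris 10 x86 is not listed there, so it is UNKNOWN.

# min_patch ARCH RELEASE -> minimum patch-revision (ARCH/RELEASE as printed
# by `uname -p` / `uname -r`); fails when the advisory lists no patch.
min_patch() {
    case "$1:$2" in
        sparc:5.8)  echo 109147-37 ;;
        sparc:5.9)  echo 112963-22 ;;
        sparc:5.10) echo 117461-04 ;;
        i386:5.8)   echo 109148-37 ;;
        i386:5.9)   echo 113986-18 ;;
        *)          return 1 ;;
    esac
}

# check_ld_audit_fix ARCH RELEASE < showrev-output
# Prints FIXED, NOT_FIXED (listed patch absent or below the minimum revision)
# or UNKNOWN. Assumption: a superseding patch under a different ID is not
# recognized and would also show as NOT_FIXED.
check_ld_audit_fix() {
    need=$(min_patch "$1" "$2") || { echo UNKNOWN; return 0; }
    awk -v base="${need%-*}" -v min="${need#*-}" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base) {
                seen = 1
                if (p[2] + 0 > best) best = p[2] + 0
            }
        }
        END {
            if (seen && best >= min + 0) print "FIXED"
            else print "NOT_FIXED"
        }'
}

# Constructed sample in `showrev -p` format: a Solaris 9 SPARC host with
# the linker patch at revision 20, below the required 22.
SAMPLE='Patch: 112233-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 112963-20 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

printf '%s\n' "$SAMPLE" | check_ld_audit_fix sparc 5.9
```

For a real host, pipe its saved `showrev -p` output into `check_ld_audit_fix` with that host's `uname -p` and `uname -r` values.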
