Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Root privileges through vulnerability in GNU C loader

Oct 19, 2010, 23:02 (0 Talkback[s])

"A vulnerability in the library loader of the GNU C library can be exploited to obtain root privileges under Linux and other systems. Attackers could exploit the hole, for instance, to gain full control of a system by escalating their privileges after breaking into a web server with restricted access rights. Various distributors are already working on updates.

"The loading of dynamically linked libraries when starting applications with Set User ID (SUID) privileges has always been a potential security issue. For example an attacker might set a path to a crafted library for the LD_PRELOAD environment variable, start an SUID program and have the library executed at the same privilege level as the SUID program. For this reason, various security measures and restrictions are in place to prevent applications from loading arbitrary further libraries, for instance, by adding path information."

Complete Story

Related Stories: