ld.so Vulnerability

ld.so Vulnerability Privacy and Legal Notice INFORMATION BULLETIN H-86: ld.so Vulnerability July 22, 1997 23:00 GMT

PROBLEM:       A buffer overflow vulnerability exists affecting the ELF and 
               a.out program loaders on Linux. 
PLATFORM:      All platforms running the Linux distributions listed below. 
DAMAGE:        This vulnerability may allow remote users to obtain root 
               access. 
SOLUTION:      Apply patches listed below. 
VULNERABILITY  Exploit details involving this vulnerability have been made 
ASSESSMENT:    publicly available. 


[ Start Linux-Alert ]


		    ld.so Vulnerability

A buffer overflow problem was reported on bugtraq affecting the
ELF and a.out program loaders on Linux. This problem can possibly be
exploited by malicious users to obtain root access.

On Linux, programs linked against shared libraries execute some code
contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for
ELF binaries), which loads the shared libraries and binds all symbols.
If an error occurs during this stage, an error message is printed
and the program terminates. The printf replacement used at this stage
is not protected from buffer overruns.

David Engel has released a fixed ld.so as

  ftp://ftp.ods.com/pub/linux/ld.so-1.9.3.tar.gz
  ftp://i44ftp.info.uni-karlsruhe.de/pub/linux/ld.so/ld.so-1.9.3.tar.gz

This release should soon appear on sunsite.unc.edu in /pub/Linux/GCC.
Note that ld.so-1.9 does not support the old a.out format anymore.

The following Linux distribution maintainers and vendors have released
fixed packages of ld.so:

--------------------------------------------------------------------  
		    VENDOR INFORMATION
--------------------------------------------------------------------
Vendor:		S.u.S.E
Product:	S.u.S.E Linux 5.0
Status:		Affected, fix available
Location:	ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/a1
Files:		c7648fbfd29fc56905e1d569f617a811  ld.so-1.9.3.dif
		c7fba9a7f4040812307841f683ef4abc  ld.so-1.9.3.tar.gz
		19f71cfc08a69d8ecf1703e5307459a0  ldso.changes
		fd64cc73f699a2c28a809e1b7b61700e  ldso.rpm
		b3f1350e916381bd7e97c7087fc49535  ldso.tgz


Vendor:		Caldera
Product:	Caldera OpenLinux Lite, Base and Standard 1.1
Status:		Affected, fix available
Location:	ftp://ftp.caldera.com/pub/openlinux/updates/1.1/004
Files:		2fed2dd482fe44e020a4bd40fdd2059e  ld.so-1.7.14-5.src.rpm
		572974e8f777b6da7d67aed15db9c115  ld.so-1.7.14-5.i386.rpm
Note:		ELF support only.

Vendor:		RedHat
Product:	RedHat Linux 4.0, 4.1 and 4.2
Status:		Affected, fix available
Location:	ftp://ftp.redhat.com/updates/4.2
Files:		d8883e254021de3058b9c7d3174e9b28  i386/ld.so-1.7.14-
5.i386.rpm
		2ab8e35978d81a57a340c81584e78785  sparc/ld.so-sparc-1.8.3-
3.sparc.rpm
Note:		Files pgp-signed, key available from install CD or
		PGP key servers.

Vendor:		Debian
Product:	Debian GNU/Linux
Status:		Affected, fix available
Location:	ftp://ftp.debian.org/debian/bo-updates
Files:		c044d31c1a7f434837ec648c97481b76  ld.so_1.8.10-2.1.dsc
		bd6a94d00b6aeb10363b92e4f77a1a30  ld.so_1.8.10-2.1.tar.gz
		edea24550bf5f5a3c92a4a6319fe60b0  ldso_1.8.10-2.1_i386.deb

Vendor:		Delix
Product:	DLD 5.2
Status:		Affected, fix available
Location:	ftp://ftp.delix.de/pub/Linux/DLD-5.2/updates
Files:		156f551820e1f7305cf2c19d1cbddc68 *ld.so-1.9.2-3.i386.rpm
		bbeb99ac166d5c7cfde52346949da363 *ld.so-devel-1.9.2-3.i386.rpm

Vendor:		LST
Product:	LST Power Linux 2.2
Status:		Affected, fix available
Location:	Same as for Caldera above.


[ End Linux-Alert ]

CIAC wishes to acknowledge the contributions of Olaf Kirch for the information contained in this bulletin.

CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at:

    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

UCRL-MI-119788
[Privacy and Legal Notice]