ld.so vulnerability

Aleph One (aleph1@DFW.NET)
Tue, 22 Jul 1997 08:47:43 -0500

---------- Forwarded message ----------
Date: Tue, 22 Jul 1997 10:20:46 +0200
From: Olaf Kirch <okir@monad.swb.de>
To: linux-alert@redhat.com
Cc: linux-security@redhat.com
Subject: [linux-security] ld.so vulnerability

-----BEGIN PGP SIGNED MESSAGE-----

ld.so Vulnerability

A buffer overflow problem was reported on bugtraq affecting the
ELF and a.out program loaders on Linux. This problem can possibly be
exploited by malicious users to obtain root access.

On Linux, programs linked against shared libraries execute some code
contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for
ELF binaries), which loads the shared libraries and binds all symbols.
If an error occurs during this stage, an error message is printed
and the program terminates. The printf replacement used at this stage
is not protected from buffer overruns.

David Engel has released a fixed ld.so as

ftp://ftp.ods.com/pub/linux/ld.so-1.9.3.tar.gz
ftp://i44ftp.info.uni-karlsruhe.de/pub/linux/ld..so/ld.so-1.9.3.tar.gz

This release should soon appear on sunsite.unc.edu in /pub/Linux/GCC.
Note that ld.so-1.9 does not support the old a.out format anymore.

The following Linux distribution maintainers and vendors have released
fixed packages of ld.so:

- ------------------------------------------------------------------
VENDOR INFORMATION
- ------------------------------------------------------------------
Vendor: S.u.S.E
Product: S.u.S.E Linux 5.0
Status: Affected, fix available
Location: ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/a1
Files: c7648fbfd29fc56905e1d569f617a811 ld.so-1.9.3.dif
c7fba9a7f4040812307841f683ef4abc ld.so-1.9.3.tar.gz
19f71cfc08a69d8ecf1703e5307459a0 ldso.changes
fd64cc73f699a2c28a809e1b7b61700e ldso.rpm
b3f1350e916381bd7e97c7087fc49535 ldso.tgz

Vendor: Caldera
Product: Caldera OpenLinux Lite, Base and Standard 1.1
Status: Affected, fix available
Location: ftp://ftp.caldera.com/pub/openlinux/updates/1.1/004
Files: 2fed2dd482fe44e020a4bd40fdd2059e ld.so-1.7.14-5.src.rpm
572974e8f777b6da7d67aed15db9c115 ld.so-1.7.14-5.i386.rpm
Note: ELF support only.

Vendor: RedHat
Product: RedHat Linux 4.0, 4.1 and 4.2
Status: Affected, fix available
Location: ftp://ftp.redhat.com/updates/4.2
Files: d8883e254021de3058b9c7d3174e9b28 i386/ld.so-1.7.14-5.i386.rpm
2ab8e35978d81a57a340c81584e78785 sparc/ld.so-sparc-1.8.3-3.sparc.rpm
Note: Files pgp-signed, key available from install CD or
PGP key servers.

Vendor: Debian
Product: Debian GNU/Linux
Status: Affected, fix available
Location: ftp://ftp.debian.org/debian/bo-updates
Files: c044d31c1a7f434837ec648c97481b76 ld.so_1.8.10-2.1.dsc
bd6a94d00b6aeb10363b92e4f77a1a30 ld.so_1.8.10-2.1.tar.gz
edea24550bf5f5a3c92a4a6319fe60b0 ldso_1.8.10-2.1_i386.deb

Vendor: Delix
Product: DLD 5.2
Status: Affected, fix available
Location: ftp://ftp.delix.de/pub/Linux/DLD-5.2/updates
Files: 156f551820e1f7305cf2c19d1cbddc68 *ld.so-1.9.2-3.i386.rpm
bbeb99ac166d5c7cfde52346949da363 *ld.so-devel-1.9.2-3.i386.rpm

Vendor: LST
Product: LST Power Linux 2.2
Status: Affected, fix available
Location: Same as for Caldera above.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBM9RqfuFnVHXv40etAQGTawP/Srnw8tmTTkLuZrxsx49qEw3jP3hM8DdM
qeiVd8DyztiphIpIgPpWYr79e6z4/6tViDA0Cpb+ZbJ2axe7k0Dg9Ypd8k6C1cC5
L6qKo+pHbTBn7F31OEerrqniaYyVuVWdsD3tDWsItKsYqBJy5+jiRvMC3RzFqUNk
mpdo1mnqJiw=
=I/YT
-----END PGP SIGNATURE-----

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de        +-------------------- Why Not?! -----------------------
              finger okir@brewhq.swb.de for PGP key