First published: Wed Jun 29 2005(Updated: )
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sun SunOS | =5.8 | |
Sun Solaris | =9.0 | |
Sun Solaris | =10.0 | |
Sun Solaris | =9.0 | |
Sun Solaris | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.