Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation.
Tavis Ormandy's advisory states:
"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the filesystem hierarchy. The intention is to allow executables to specify a search path for libraries that is relative to their location, to simplify packaging without spamming the standard search paths with single-use libraries."
A local unprivileged attacker can escalate their privileges to root.
Apply an update for the glibc packages from distribution vendors.
Thanks to Tavis Ormandy for researching and publishing the details of this vulnerability.
|Date First Published:||2010-10-25|
|Date Last Updated:||2010-10-26 11:35 UTC|