SA-1997.11.txt
8d58fc6869de807ea0908cdd9d6408f8c6320d6446253737f9c67e21f5121306-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.11: Vulnerability in ld.so
Caldera Security Advisory SA-1997.11
Original report date: 16-Jul-1997
RPM build date: 17-Jul-1997
Original issue date: 23-Jul-1997
Topic: Vulnerability in ld.so
I. Problem Description
A buffer overflow problem has been reported affecting the ELF
and a.out program loaders on Linux.
On Linux, programs linked against shared libraries execute
some code contained in /lib/ld.so (for a.out binaries) or
/lib/ld-linux.so (for ELF binaries), which loads the shared
libraries and binds all symbols. If an error occurs during this
stage, an error message is printed and the program terminates. The
printf replacement used at this stage is not protected from
buffer overruns.
Detailed information about the vulnerability as well as methods of
its exploit have been made publicly available.
II. Impact
This problem can possibly be exploited by malicious users to
obtain root access.
III. Solution
Install the new ld.so 1.7.14-5 package, as described below.
These packages are located on Caldera's FTP server (ftp.caldera.com):
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/
The MD5 checksum (from the "md5sum" command) for these package are:
2fed2dd482fe44e020a4bd40fdd2059e RPMS/ld.so-1.7.14-5.i386.rpm
572974e8f777b6da7d67aed15db9c115 SRPMS/ld.so-1.7.14-5.src.rpm
ld.so-1.7.14-5: Security upgrade as announced on 18 July 1997
This update is for ELF packages. An a.out update
does not exist.
To install the update use the following command:
rpm -U RPMS/ld.so-1.7.14-5.i386.rpm
IV. References / Credits
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
Problem originally reported by Dave G. <dhg@dec.net> on the BugTraq
email list with Message-ID:
<Pine.LNX.3.95.970716103135.5244A-100000@yoshiwara.dec.net>
This advisory closes Caldera's internal bug report #850.
$Id: SA-1997.11,v 1.1 1997/07/23 22:29:47 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBM9aGB+n+9R4958LpAQH9DAP6A5J6RCBC2FIX1KSu1eSjzKAvoWE16MLL
PUdA9NZxSH640sULQITmwuIQKV5gq4ZT+m6PEVN3YaE2pSuDiBZDd2uzLteC0OpZ
ziqtdAOwOe+MKVKcSWUOccJWH67gcwrOAkA1RTLsUy08Y4NStT2KOkbkEziigyzp
0oKKo3g9r+o=
=eXHu
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed