Hello, A weakness in the dynamic loader have been found, Glibc prior to 2.22.90 are affected. The issue is that the LD_POINTER_GUARD in the environment is not sanitized allowing local attackers easily to bypass the pointer guarding protection on set-user-ID and set-group-ID programs. Details and PoC at: http://ift.tt/1M23L24 A patch is already sent to Glibc maintainers. This issue is similar to http://ift.tt/1bkNJNQ but now affect to dynamic linked applications.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment