Users of The GNU C library dynamic linker please be advised of a dlopen arbitrary DSOs during setuid loads vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
GNU-SA-10/22/2010: The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.
Consequences
-----------------------
This is a low impact issue that is only of interest to security
professionals and system administrators, end users do not need to be
concerned.
It is possible to exploit this confusion to execute arbitrary code as root.
The exact steps required to exploit this vulnerability will vary from
distribution to distributionRead more at www.criticalwatch.com
See this Amp at http://amplify.com/u/e2bb
No comments:
Post a Comment