glibc LD_PRELOAD File Overwriting Vulnerability

glibc is the GNU C Library, a freely available, open source C library that is publicly maintained and distributed by the Free Software Foundation. It is included in most current Linux distributions.

A problem with the library could allow a user to write to or overwrite restricted files. When SUID and SGID applications are executed, the library allows a user to preload libraries named in the LD_PRELOAD environment variable, provided the variable does not contain forward slashes. A special check is also performed to ensure that the library being preloaded is SUID. However, if the library is found in the /etc/ld.so.cache file, this check is circumvented and never performed. It is therefore possible to load a library from /lib or /usr/lib prior to the execution of a SUID or SGID program. This flaw makes it possible for a user with malicious motives to create files in restricted locations, or to overwrite files that the user could not otherwise access, including system files.
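The check ordering described above, shown as an added example: a simplified model, not glibc's loader code. The `lookup` table, the library names and both function names are hypothetical, constructed only to show the cache path skipping the SUID test beside a form that applies it on every path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>   /* S_ISUID */

/* Constructed stand-in for library resolution: how the name was found and its mode. */
struct lib { const char *name; int in_cache; unsigned int mode; };

static const struct lib sample_libs[] = {       /* constructed sample data */
    { "libexample.so", 1, 0755 },               /* in ld.so.cache, not SUID */
    { "libtrusted.so", 1, S_ISUID | 0755 },     /* in ld.so.cache, SUID */
    { "libplain.so",   0, 0755 },               /* found by directory search, not SUID */
};

static const struct lib *lookup(const char *name) {
    for (size_t i = 0; i < sizeof sample_libs / sizeof sample_libs[0]; i++)
        if (strcmp(sample_libs[i].name, name) == 0)
            return &sample_libs[i];
    return NULL;
}

/* Behaviour the advisory describes: a cache hit returns before the SUID check. */
int preload_allowed_flawed(const char *name) {
    const struct lib *l;
    if (strchr(name, '/') != NULL) return 0;    /* names with slashes are rejected */
    if ((l = lookup(name)) == NULL) return 0;
    if (l->in_cache) return 1;                  /* flaw: SUID check never reached */
    return (l->mode & S_ISUID) != 0;
}

/* Hardened form: the SUID check applies no matter how the name was resolved. */
int preload_allowed_checked(const char *name) {
    const struct lib *l;
    if (strchr(name, '/') != NULL) return 0;
    if ((l = lookup(name)) == NULL) return 0;
    return (l->mode & S_ISUID) != 0;
}

int main(void) {
    for (size_t i = 0; i < sizeof sample_libs / sizeof sample_libs[0]; i++)
        printf("%-14s flawed=%d checked=%d\n", sample_libs[i].name,
               preload_allowed_flawed(sample_libs[i].name),
               preload_allowed_checked(sample_libs[i].name));
    return 0;
}
```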


 

Copyright 2010, SecurityFocus