Solaris libsldap Buffer Overflow Vulnerability

Solaris libsldap Buffer Overflow Vulnerability

Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid.

Libsldap contains a buffer overflow vulnerability in it's handling of the 'LDAP_OPTIONS' environment variable.

Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.