
Solaris libsldap Buffer Overflow Vulnerability

Solaris 8 ships with a shared library called 'libsldap' that implements LDAP functionality. A number of system utilities link against this library, many of them installed setuid or setgid.

Libsldap contains a buffer overflow vulnerability in its handling of the 'LDAP_OPTIONS' environment variable.

Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.
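
The advisory does not show the affected code, so the following is an added example, not libsldap source: a defensive pattern for a library that reads an environment variable such as 'LDAP_OPTIONS' into a fixed-size buffer and may be loaded by setuid/setgid programs. The function names and the 256-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bounded copy: reject (never truncate) a value that does not fit in dst. */
int copy_option(const char *val, char *dst, size_t dstlen)
{
    size_t len;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (val == NULL)
        return -1;
    len = strlen(val);
    if (len >= dstlen)            /* no room for the terminating NUL */
        return -1;
    memcpy(dst, val, len + 1);
    return 0;
}

/* True when the process holds privileges its invoker lacks (setuid/setgid). */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical loader: returns 0 and fills dst, or -1 if the variable is
 * unset, too long, or ignored because the process is setuid/setgid. */
int load_env_option(const char *name, char *dst, size_t dstlen)
{
    if (dst != NULL && dstlen > 0)
        dst[0] = '\0';
    if (running_privileged())     /* environment is caller-controlled here */
        return -1;
    return copy_option(getenv(name), dst, dstlen);
}

int main(void)
{
    char opts[256];               /* assumed size, not taken from libsldap */

    if (load_env_option("LDAP_OPTIONS", opts, sizeof opts) == 0)
        printf("using options: %s\n", opts);
    else
        puts("LDAP_OPTIONS unset, oversized, or ignored (privileged)");
    return 0;
}
```

Rejecting an oversized value outright, instead of truncating it, keeps a partially copied option string from being parsed.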

Copyright 2009, SecurityFocus