GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability

GNU glibc is prone to a remote integer-overflow vulnerability because the 'ld.so' loader fails to sufficiently validate ELF binaries. This may be an issue if the loader is invoked with an option which would not normally execute code, such as '--verify'.



An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.


 

Privacy Statement
Copyright 2010, SecurityFocus