• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

LTrace Local Command Line Parameter Heap Overflow Vulnerability

ltrace has been reported prone to a heap buffer overflow vulnerability when handling command line arguments of excessive size. The issue is reported to present itself when ltrace handles command line arguments upward of 6000 bytes. The issue is likely due to a lack of sufficient boundary checks performed on command line arguments before they are copied into a reserved buffer in heap-based memory.

A local attacker may potentially exploit this condition to corrupt malloc chunk headers that are adjacent to the vulnerable buffer. Although unconfirmed, the attacker may leverage this condition to have arbitrary instructions executed with the privileges of ltrace. ltrace may be theoretically be installed setuid on some systems.