[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <201008250026.23528.timb@nth-dimension.org.uk>
Date: Wed, 25 Aug 2010 00:26:22 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: DLL hijacking on Linux
All,
If you've seen the recent Microsoft advisory. I put together a nice post on a
similar DLL hijacking issue that affects Linux (and other POSIX-alikes). You
can read the full details on my blog (http://www.nth-
dimension.org.uk/blog.php?id=87) but the key point is that an empty directory
specification statement in LD_LIBRARY_PATH, PATH (and probably others) is
equivalent to $CWD. That is to say that LD_LIBRARY_PATH=":/lib" is equivalent
to LD_LIBRARY_PATH=".:/lib". It can occur when a script has
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/lib" or similar and LD_LIBRARY_PATH hasn't
previously been defined. It's worth checking for this kind of thing in scripts
that may be run via sudo/su when auditing hosts. I don't believe it's a
vulnerability per se, but particular instances of broken scripts may well be.
Tim
--
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists