This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/21624] New: ld.so: Unsafe alloca allows local attackers to alias stack and heap
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 19 Jun 2017 15:06:42 +0000
- Subject: [Bug dynamic-link/21624] New: ld.so: Unsafe alloca allows local attackers to alias stack and heap
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21624
Bug ID: 21624
Summary: ld.so: Unsafe alloca allows local attackers to alias
stack and heap
Product: glibc
Version: 2.25
Status: NEW
Severity: normal
Priority: P1
Component: dynamic-link
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security+
Qualys Research Labs reported that the use in alloca in the dynamic linker,
specifically while processing the LD_LIBRARY_PATH variable, allows local
attackers to conduct generic privilege escalation attacks against
SUID/AT_SECURE=1 binaries.
Reporter URL:
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
--
You are receiving this mail because:
You are on the CC list for the bug.