Gentoo glibc security advisory
Thorsten Kukuk
kukuk@suse.de
Wed Aug 18 08:41:00 GMT 2004
Hi,
Gentoo has issued an advisory:
http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml
"An attacker can gain the list of symbols a SUID application uses and their
locations and can then use a trojaned library taking precedence over those
symbols to gain information or perform further exploitation."
with the following patch:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-libs/glibc/files/glibc-sec-hotfix-20040804.patch?rev=1.1&content-type=text/vnd.viewcvs-markup
Does somebody know more about this?
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE Linux AG Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B