oss-sec mailing list archives
Re: glibc $ORIGIN problem - CVE-2010-3847
From: Robert Święcki <robert () swiecki net>
Date: Thu, 21 Oct 2010 11:25:02 +0200
> The actually exploitable impact of Tavis' glibc $ORIGIN problem is still a bit of an open question. Apparently the bad code has an assert() in front which causes this assertion failure:
>
> $ LD_AUDIT=\$ORIGIN ping
> Inconsistency detected by ld.so: dl-open.c: 231: dl_open_worker: Assertion `(call_map)->l_name[0] == '\0'' failed!
> $
Yeah.. I looked into it as well on Ubuntu, and couldn't find any way to bypass this assert(), but as you mentioned this code is h.o.r.r.i.b.l.e ;) so I wouldn't be surprised if there's a way to exploit it.

--
Robert Święcki