Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Solaris libsldap Buffer Overflow Vulnerability

Solaris libsldap Buffer Overflow Vulnerability

by platon on June 29th, 2001 Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid...



Libsldap contains a buffer overflow vulnerability in it's handling of the 'LDAP_OPTIONS' environment variable.

Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.

Sun has reportedly acknowledged the vulnerability and fixes will be released soon.

An unofficial workaround supplied by Jouko Pynnönen is to replace the existing 'libsldap.so' with a 'dummy' version that does not contain the offending code. This may limit or break functionality of some of the utilities:

$ cp /dev/null dummy.c

$ gcc -shared dummy.c -o dummy.so

$ su

# mv /usr/lib/libsldap.so.1 /usr/lib/orig_libsldap_so

# cp dummy.so /usr/lib/libsldap.so.1

Discovered by Jouko Pynnönen .


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »