ldsoWhoops.txt

ld.so from Solaris 9 and 10 doesn't check LDAUDIT environment variable when running sugid binaries, allowing to run arbitrary code with elevated privileges. Well, I can't belive, that such trivial vulnerability exists in modern OS... The following PoC code was tested on: - SunOS 5.10 Generic i86p...

ld.so fails to unset LD_PRELOAD before executing suid root programs

Overview ld.so fails to unset LDPRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LDPRELOAD before loading suid root programs for...