All, If you've seen the recent Microsoft advisory. I put together a nice post on a similar DLL hijacking issue that affects Linux (and other POSIX-alikes). You can read the full details on my blog (http://www.nth- dimension.org.uk/blog.php?id=87) but the key point is that an empty directory specification statement in LD_LIBRARY_PATH, PATH (and probably others) is equivalent to $CWD. That is to say that LD_LIBRARY_PATH=":/lib" is equivalent to LD_LIBRARY_PATH=".:/lib". It can occur when a script has LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/lib" or similar and LD_LIBRARY_PATH hasn't previously been defined. It's worth checking for this kind of thing in scripts that may be run via sudo/su when auditing hosts. I don't believe it's a vulnerability per se, but particular instances of broken scripts may well be. Tim -- Tim Brown <mailto:timb@xxxxxxxxxxxxxxxxxxxx> <http://www.nth-dimension.org.uk/>
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/