by dane-pgp
2726 days ago
The Debian discussion for the ul/glibc issue: https://lists.debian.org/debian-glibc/2016/09/msg00177.html mentions this bug: https://sourceware.org/bugzilla/show_bug.cgi?id=20632 "This seems quite exploitable to me: we end up overwriting a function pointer that malloc invokes. If an attacker can invoke the process with stderr closed (easy to do from a shell), and can control what text the process outputs to stderr, the attacker can execute arbitrary code." If that's true, I can't help wondering if an exploit for this is already sitting in some blackhat's tool box somewhere.