|
|
|
|
|
|
by thras
6037 days ago
|
|
|
You mean "root exploit" not "root vulnerability." The second term is again mistaken, although it gets used a lot. Did you even read the exploit code? He's figured out a way to overwrite LD_PRELOAD environment variable for anything SUID. That means that you get to tell the binary to load libraries other than what it planned on loading. And hence run arbitrary code. This has nothing to do with "localhost." If you'd like to give examples of people using "localhost vulnerability" in the past, go right ahead and link to them. |
|
|