this post was submitted on 31 Jan 2024
25 points (100.0% liked)

Security

4939 readers
8 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
gary_host_laptop@lemmy.ml
25
Root access vulnerability in glibc library impacts many Linux distros (securityaffairs.com)
submitted 7 months ago by BlanK0@lemmy.ml to c/security@lemmy.ml
3 comments fedilink hide all child comments
top 3 comments
sorted by: hot top controversial new old
[โ€“] immibis@social.immibis.com 4 points 7 months ago (2 children)

@BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.

[โ€“] BlanK0@lemmy.ml 3 points 7 months ago

Thx for pointing that out ๐Ÿค™

[โ€“] CameronDev@programming.dev 2 points 7 months ago* (last edited 7 months ago)

Symlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec?

Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.