CVE-1999-1182

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published1997-07-17 12:00:00.000-04
Last Modified2016-10-17 10:01:59.000-04

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 4.0
Caldera Openlinux Lite 1.1
Redhat Linux 4.0, 4.1, 4.2
Delix Dld 5.2
Lst Lst Power Linux 2.2
Suse Suse Linux 5.0

References

SourceLink
BUGTRAQ19970717 KSR[T] Advisory #2: ld.so
BUGTRAQ19970722 ld.so vulnerability
BUGTRAQ19980204 An old ld-linux.so hole