Description
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
Product(s):
- delix dld 5.2
- caldera openlinux_lite 1.1
- Debian GNU/Linux 4.0
- Debian Linux 4.0 Alpha Edition
- Debian Linux 4.0 AMD64 Edition
- Debian Linux 4.0 ARM Edition
- Debian Linux 4.0 HPPA Edition
- Debian Linux 4.0 IA-32 Edition
- Debian Linux 4.0 IA-64 Edition
- Debian Linux 4.0 M68K Edition
- Debian Linux 4.0 MIPS Edition
- Debian Linux 4.0 MIPSEL Edition
- Debian Linux 4.0 PowerPC Edition
- Debian Linux 4.0 S-390 Edition
- Debian Linux 4.0 Sparc Edition
- lst lst_power_linux 2.2
- Red Hat Linux 4.0
- Red Hat Linux 4.1
- Red Hat Linux 4.2
- SuSE SuSE Linux 5.0
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1182, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1182 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.