Root access vulnerability in glibc library impacts many Linux distros (securityaffairs.com)
from BlanK0@lemmy.ml to security@lemmy.ml on 31 Jan 2024 12:17
https://lemmy.ml/post/11286692

#security

threaded - newest

immibis@social.immibis.com on 31 Jan 2024 12:38 collapse
@BlanK0 @security the fix commit says the problem occurs when the program name is very long - so probably not very exploitable, as the program name is usually set in stone.
BlanK0@lemmy.ml on 31 Jan 2024 12:40 next collapse

Thx for pointing that out 🤙

CameronDev@programming.dev on 31 Jan 2024 14:50 collapse

Symlink or copy/rename could trigger it, as long as there is a user writable area with execute perms? /home usually allows exec?

Also some of the exec* functions allow manipulating the argv[0], so possibly another vector there.