Check this exploit out!
"In our exploit, we simply fill our 6MB of environment strings with
0xfffffffffffffff8 (-8), because at an offset of -8B below the string
table of most SUID-root programs, the string "\x08" appears: this forces
ld.so to trust a relative directory named "\x08" (in our current working
directory), and therefore allows us to load and execute our own
libc.so.6 or LD_PRELOAD library from this directory, as root."
Is that wild or what?
I was checking the changelog.txt for Slackware 32-bit.
l/glibc-2.37-i586-3.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privi…
https://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
Brian
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
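As an added example (not from the mail, the Slackware ChangeLog, or the Qualys advisory): a small Python parser for entries in the Slackware ChangeLog.txt layout, used to pull the security-fix flag, CVE id and package build out of the glibc entry quoted above and to compare it against an installed package name as listed in /var/log/packages. The sample changelog text, its two-space indentation and the curl line are constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the Slackware ChangeLog.txt layout (the glibc entry
# is the one quoted in the mail; the curl line and indentation are assumed).
SAMPLE_CHANGELOG = """\
l/glibc-2.37-i586-3.txz: Rebuilt.
  Patched to fix the "Looney Tunables" vulnerability, a local privilege
  escalation in ld.so. This vulnerability was introduced in April 2021
  (glibc 2.34) by commit 2ed18c.
  Thanks to Qualys Research Labs for reporting this issue.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-4911
  (* Security fix *)
n/curl-8.3.0-i586-1.txz: Upgraded.
"""

# "series/name-version-arch-build.t?z: Action."
ENTRY_RE = re.compile(r"^(?P<pkg>[a-z]+/\S+\.t[gx]z):\s+(?P<action>\w+)\.")
# Slackware package naming: name-version-arch-build (name may contain dashes)
NVAB_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<arch>[^-]+)-"
                     r"(?P<build>[^-]+?)(?:\.t[gx]z)?$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def split_pkg(basename):
    """Split 'glibc-2.37-i586-3.txz' into name/version/arch/build parts."""
    m = NVAB_RE.match(basename)
    return m.groupdict() if m else None


def parse_changelog(text):
    """Return one dict per package entry, with CVE ids and security-fix flag."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            cur = {"package": m.group("pkg"), "action": m.group("action"),
                   "cves": [], "security_fix": False}
            cur.update(split_pkg(m.group("pkg").split("/", 1)[1]) or {})
            entries.append(cur)
        elif cur is not None and line.strip():
            # indented continuation lines describe the entry above them
            for cve in CVE_RE.findall(line):
                if cve not in cur["cves"]:
                    cur["cves"].append(cve)
            if "(* Security fix *)" in line:
                cur["security_fix"] = True
        else:
            cur = None  # a blank (or date/separator) line ends the entry
    return entries


def security_fixes(text):
    return [e for e in parse_changelog(text) if e["security_fix"]]


def installed_is_fixed(installed_basename, entry):
    """True if the installed package (name as in /var/log/packages) is the
    fixed build or newer; None if name/version/arch differ (cannot tell)."""
    inst = split_pkg(installed_basename)
    if not inst or any(inst[k] != entry.get(k) for k in ("name", "version", "arch")):
        return None
    return int(inst["build"].split("_")[0]) >= int(entry["build"].split("_")[0])
```

Run against a real ChangeLog.txt, the same loop lists every entry marked "(* Security fix *)" with its CVE ids, so the check does not depend on reading the whole file by hand.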