2009/10/27 Soh Kam Yung <[email protected]> > [http://www.catonmat.net/blog/ldd-arbitrary-code-execution/] > > On ubuntu 9.04, > > file /usr/bin/ldd > /usr/bin/ldd: Bourne-Again shell script text executable > > ===== > ldd arbitrary code execution > > The `ldd` utility is more vulnerable than you think. It’s frequently > used by programmers and system administrators to determine the dynamic > library dependencies of executables. Sounds pretty innocent, right? > Wrong! > > In this article I am going to show you how to create an executable > that runs arbitrary code if it’s examined by `ldd`. I have also > written a social engineering scenario on how you can get your sysadmin > to unknowingly hand you his privileges. > [...] > It turns out that `ldd` is nothing more than a wrapper > [...] > [Y]ou can put a malicious executable in ~/app/bin/exec and have it > loaded by ~/app/lib/loader.so. If someone does `ldd > /home/you/app/bin/exec` then it’s game over for them. They just ran > the nasty code you had put in your executable. You can do some social > engineering to get the sysadmin to execute `ldd` on your executable > allowing you to gain the control over the box. > [...] > ===== > -- > Soh Kam Yung > my Google Reader Shared links: > (http://www.google.com/reader/shared/16851815156817689753) > my Google Reader Shared SFAS links: > (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) >
Wow thanks, I needed (to know) this.
_______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
