Monthly Archives: May 2010

Integer overflow in (CVE-2010-0830)

A month or so ago, I reported an integer overflow vulnerability in (the linker/loader included with glibc) that could be exploited to achieve arbitrary code execution. The catch is, the vulnerability is triggered in the processing of a maliciously crafted ELF binary, so the actual potential for exploitation in real life is minimal. In many cases, invoking on an untrusted binary results in the execution of that binary, so in practice this should never be done. However, there are some options that can be used with that should not result in code execution, such as the case …

Posted in Exploitation, Linux