Posted by Hector Marco-Gisbert on Sep 07

Hello,

A weakness in the dynamic loader have been found, Glibc prior to 2.22.90
are affected. The issue is that the LD_POINTER_GUARD in the environment
is not sanitized allowing local attackers easily to bypass the pointer
guarding protection on set-user-ID and set-group-ID programs.

Details and PoC at:
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

A patch is already sent to Glibc maintainers. This issue is similar to…