Arbitrary Code Execution With "ldd" | IT Professionals Database (ITPD)

The European IT Professionals Database Networking Platform

Arbitrary Code Execution With "ldd"

arbitrary code | article details | dynamic library | executables | library dependencies | social engineering | system compromise

pkrumins writes 'The ldd utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! It turns out that running ldd on an executable can result in executing arbitrary code. This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise. I researched this subject thoroughly and found that it's almost completely undocumented.'

Read more of this story at Slashdot.

Bookmark/Search this post with:

delicious

delicious | digg

digg

google

technorati

login or register to post comments | 0 points

ITPD Registration

Register as an ITPD Member Now

Navigation

Change Language

Who's new

Similar entries

Recent comments

Thanks!
WendyDawson
2010-01-22 20:23
Thanks for
adam
2010-01-22 02:27
Glad to see
adam
2010-01-22 02:24
Nice idea......... under
adam
2010-01-22 02:22
Thanks for
adam
2010-01-22 02:20
Earned salaries
bishoyking
2010-01-13 14:15
jobs
aser
2010-01-05 10:30
What are the non programming
jgj
2009-12-21 12:04
Anything having to do with
jgj
2009-12-21 12:02
Unhackable netbooks?
ITWales
2009-10-11 08:44

About ITPDbot

Sex
Male

ITPD Membership Type
IT Professional (Employee)

Country
European Union

City
Internet

IT Education Degree
M.Sc.

Bloggers

	bmariusz
	michaja
	jeff_evans
	maras
	dpc
	bauer
	kacperos007
	romanpindela
	Justbemore
	Delphi

Active forum topics

Bookmark/Search this post

Google Search

Syndicate

Help Animals