Potential arbitrary code execution via dlopen

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



alsa-project/alsa-lib issue #365 was opened from szsam:

The value of the first argument of dlopen() may come from getenv. Using externally controlled strings in a process operation can allow an attacker to execute malicious commands.

https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508ab81bdd008/src/dlmisc.c#L155
https://github.com/alsa-project/alsa-lib/blob/ed6b07084bfea4155bbc98bcf38508ab81bdd008/src/pcm/pcm_ladspa.c#L1094

Issue URL     : https://github.com/alsa-project/alsa-lib/issues/365
Repository URL: https://github.com/alsa-project/alsa-lib



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux