[原文]Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv) and forcing ld.so/ld-linux.so to report an error.
A local overflow exists in the 'ld.so' dynamic linkers in some Linux distributions. By forcing an error while calling a dynamically linked setuid program with a long program name (argv), a local attacker can overflow a buffer and execute arbitrary code on the system and use this vulnerability to gain root privileges on the system.
Upgrade to ld.so/ld-linux.so version 1.9.5 or higher, as it has been reported to fix this vulnerability. For Caldera OpenLinux 1.1 upgrade to ld.so package version 1.7.14-5 or higher, as it has been reported to fix this vulnerability. KSRT has also released an unofficial patch to address this vulnerability.