CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Affected Software

Name	Vendor	Start Version	End Version
Mandrake_linux	Mandrakesoft	6.0 (including)	6.0 (including)
Mandrake_linux	Mandrakesoft	6.1 (including)	6.1 (including)
Mandrake_linux	Mandrakesoft	7.0 (including)	7.0 (including)
Mandrake_linux	Mandrakesoft	7.1 (including)	7.1 (including)
Mandrake_linux	Mandrakesoft	7.2 (including)	7.2 (including)
Mandrake_linux_corporate_server	Mandrakesoft	1.0.1 (including)	1.0.1 (including)
Linux	Redhat	6.0 (including)	6.0 (including)
Linux	Redhat	6.1 (including)	6.1 (including)
Linux	Redhat	6.2 (including)	6.2 (including)
Secure_linux	Trustix	1.1 (including)	1.1 (including)
Secure_linux	Trustix	1.2 (including)	1.2 (including)
Turbolinux	Turbolinux	*	6.0.5 (including)
Turbolinux	Turbolinux	6.1 (including)	6.1 (including)
Red Hat Linux 6.0	RedHat		*
Red Hat Linux 6.1	RedHat		*
Red Hat Linux 6.2	RedHat		*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2001-0169
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References