When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mandrake_linux | Mandrakesoft | 6.0 (including) | 6.0 (including) |
Mandrake_linux | Mandrakesoft | 6.1 (including) | 6.1 (including) |
Mandrake_linux | Mandrakesoft | 7.0 (including) | 7.0 (including) |
Mandrake_linux | Mandrakesoft | 7.1 (including) | 7.1 (including) |
Mandrake_linux | Mandrakesoft | 7.2 (including) | 7.2 (including) |
Mandrake_linux_corporate_server | Mandrakesoft | 1.0.1 (including) | 1.0.1 (including) |
Linux | Redhat | 6.0 (including) | 6.0 (including) |
Linux | Redhat | 6.1 (including) | 6.1 (including) |
Linux | Redhat | 6.2 (including) | 6.2 (including) |
Secure_linux | Trustix | 1.1 (including) | 1.1 (including) |
Secure_linux | Trustix | 1.2 (including) | 1.2 (including) |
Turbolinux | Turbolinux | * | 6.0.5 (including) |
Turbolinux | Turbolinux | 6.1 (including) | 6.1 (including) |
Red Hat Linux 6.0 | RedHat | * | |
Red Hat Linux 6.1 | RedHat | * | |
Red Hat Linux 6.2 | RedHat | * |