CVE Vulnerabilities

CVE-2001-0169

Published: Mar 26, 2001 | Modified: Nov 20, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Affected Software

Name Vendor Start Version End Version
Mandrake_linux Mandrakesoft 6.0 (including) 6.0 (including)
Mandrake_linux Mandrakesoft 6.1 (including) 6.1 (including)
Mandrake_linux Mandrakesoft 7.0 (including) 7.0 (including)
Mandrake_linux Mandrakesoft 7.1 (including) 7.1 (including)
Mandrake_linux Mandrakesoft 7.2 (including) 7.2 (including)
Mandrake_linux_corporate_server Mandrakesoft 1.0.1 (including) 1.0.1 (including)
Linux Redhat 6.0 (including) 6.0 (including)
Linux Redhat 6.1 (including) 6.1 (including)
Linux Redhat 6.2 (including) 6.2 (including)
Secure_linux Trustix 1.1 (including) 1.1 (including)
Secure_linux Trustix 1.2 (including) 1.2 (including)
Turbolinux Turbolinux * 6.0.5 (including)
Turbolinux Turbolinux 6.1 (including) 6.1 (including)
Red Hat Linux 6.0 RedHat *
Red Hat Linux 6.1 RedHat *
Red Hat Linux 6.2 RedHat *

References