CVE Vulnerabilities

CVE-2001-0169

Published: Mar 26, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Affected Software

Name Vendor Start Version End Version
Mandrake_linux Mandrakesoft 6.0 6.0
Mandrake_linux Mandrakesoft 6.1 6.1
Mandrake_linux Mandrakesoft 7.0 7.0
Mandrake_linux Mandrakesoft 7.1 7.1
Mandrake_linux Mandrakesoft 7.2 7.2
Mandrake_linux_corporate_server Mandrakesoft 1.0.1 1.0.1
Linux Redhat 6.0 6.0
Linux Redhat 6.0 6.0
Linux Redhat 6.0 6.0
Linux Redhat 6.1 6.1
Linux Redhat 6.1 6.1
Linux Redhat 6.1 6.1
Linux Redhat 6.2 6.2
Linux Redhat 6.2 6.2
Linux Redhat 6.2 6.2
Secure_linux Trustix 1.1 1.1
Secure_linux Trustix 1.2 1.2
Turbolinux Turbolinux * 6.0.5
Turbolinux Turbolinux 6.1 6.1

References