CVE Vulnerabilities

CVE-2001-0169

Published: Mar 26, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Affected Software

Name Vendor Start Version End Version
Mandrake_linux Mandrakesoft 7.2 7.2
Secure_linux Trustix 1.1 1.1
Linux Redhat 6.1 6.1
Linux Redhat 6.2 6.2
Mandrake_linux Mandrakesoft 7.0 7.0
Linux Redhat 6.0 6.0
Linux Redhat 6.1 6.1
Linux Redhat 6.0 6.0
Mandrake_linux_corporate_server Mandrakesoft 1.0.1 1.0.1
Turbolinux Turbolinux * 6.0.5
Mandrake_linux Mandrakesoft 7.1 7.1
Mandrake_linux Mandrakesoft 6.0 6.0
Linux Redhat 6.2 6.2
Turbolinux Turbolinux 6.1 6.1
Linux Redhat 6.0 6.0
Secure_linux Trustix 1.2 1.2
Linux Redhat 6.1 6.1
Linux Redhat 6.2 6.2
Mandrake_linux Mandrakesoft 6.1 6.1

References