When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mandrake_linux | Mandrakesoft | 7.2 | 7.2 |
Secure_linux | Trustix | 1.1 | 1.1 |
Linux | Redhat | 6.1 | 6.1 |
Linux | Redhat | 6.2 | 6.2 |
Mandrake_linux | Mandrakesoft | 7.0 | 7.0 |
Linux | Redhat | 6.0 | 6.0 |
Linux | Redhat | 6.1 | 6.1 |
Linux | Redhat | 6.0 | 6.0 |
Mandrake_linux_corporate_server | Mandrakesoft | 1.0.1 | 1.0.1 |
Turbolinux | Turbolinux | * | 6.0.5 |
Mandrake_linux | Mandrakesoft | 7.1 | 7.1 |
Mandrake_linux | Mandrakesoft | 6.0 | 6.0 |
Linux | Redhat | 6.2 | 6.2 |
Turbolinux | Turbolinux | 6.1 | 6.1 |
Linux | Redhat | 6.0 | 6.0 |
Secure_linux | Trustix | 1.2 | 1.2 |
Linux | Redhat | 6.1 | 6.1 |
Linux | Redhat | 6.2 | 6.2 |
Mandrake_linux | Mandrakesoft | 6.1 | 6.1 |