CERT VU#686403
History: May 17, 2001 - 12:00 a.m.

ld.so fails to unset LD_PRELOAD before executing suid root programs

2001-05-17 00:00:00
www.kb.cert.org

CVSS2: 7.2

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0
Percentile: 0.4%

Overview

ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries.

Description

ld.so, the UNIX/LINUX dynamic loader, fails in some conditions (and some operating system releases) to unset LD_PRELOAD before loading suid root programs for execution. Even though setuid root programs ignore LD_PRELOAD, programs called from suid root programs would use LD_PRELOAD and be loaded with insecure or malicious libraries and executed as root.


Impact

By altering LD_PRELOAD, attackers could cause malicious libraries to be loaded by programs called from setuid root programs, which then could execute arbitrary code as root.


Solution

Apply vendor patches; see the Systems Affected section below.
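
Alongside the vendor patches, a setuid program that starts other programs can avoid relying on the loader by handing its children an environment with the loader variables already removed. The C code below is an added example, not code from CERT/CC or any vendor; `scrub_loader_env`, `exec_scrubbed` and the sample environment are assumptions constructed for illustration.

```c
/* Added example: scrub dynamic-loader variables before exec'ing a helper. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Copy env into out (capacity cap, counting the NULL terminator), skipping
 * every LD_* entry. The whole array is scanned, so a name that appears more
 * than once is dropped each time. Returns entries kept, or -1 if out is
 * too small. */
int scrub_loader_env(char *const env[], char *out[], size_t cap)
{
    size_t kept = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; env[i] != NULL; i++) {
        if (strncmp(env[i], "LD_", 3) == 0)
            continue;               /* LD_PRELOAD, LD_LIBRARY_PATH, ... */
        if (kept + 1 >= cap)
            return -1;              /* fail closed, never truncate silently */
        out[kept++] = env[i];
    }
    out[kept] = NULL;
    return (int)kept;
}

/* Hypothetical helper: start a child with the scrubbed environment only.
 * If scrubbing fails the child is not started. */
int exec_scrubbed(const char *path, char *const argv[], char *const env[])
{
    char *clean[256];
    if (scrub_loader_env(env, clean, sizeof clean / sizeof clean[0]) < 0)
        return -1;
    return execve(path, argv, clean);   /* returns only on error */
}

/* Constructed sample environment, including a duplicated LD_PRELOAD. */
char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "LD_PRELOAD=/tmp/a.so", "HOME=/home/user",
    "LD_PRELOAD=/tmp/b.so", "LD_LIBRARY_PATH=/tmp", "TERM=xterm", NULL
};

int main(void)
{
    char *out[8];
    int n = scrub_loader_env(sample_env, out, 8);
    for (int i = 0; i < n; i++)
        puts(out[i]);
    return n == 3 ? 0 : 1;
}
```

Passing only an allowlist of the variables the child actually needs is stricter than removing `LD_*` and is the safer choice for new code.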


Vendor Information


Caldera Affected

Notified: August 30, 2000 Updated: May 15, 2001

Status

Affected

Vendor Statement

<http://www.linuxsecurity.com/advisories/caldera_advisory-657.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23686403 Feedback>).

FreeBSD Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Affected

Vendor Statement

Since FreeBSD does not use glibc (which is Linux-specific software) we are not vulnerable to the unsetenv() bug.

However, FreeBSD does have some minor issues in its locale implementation. These do not affect any program in the FreeBSD base system (i.e. they are not exploitable locally or remotely on a FreeBSD system with no third party software installed), and no such third party software (including ports) are in fact known to be vulnerable. We recommend users obtain FreeBSD Security Advisory 00:47 for more information including instructions for detecting vulnerable binaries.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


MandrakeSoft Affected

Notified: August 30, 2000 Updated: May 15, 2001

Status

Affected

Vendor Statement

<http://www.linuxsecurity.com/advisories/mandrake_advisory-667.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


TurboLinux Affected

Notified: February 19, 2001 Updated: May 15, 2001

Status

Affected

Vendor Statement

<http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Apple Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

We've determined that glibc is not used in Mac OS X, and we are therefore not exposed to the problems identified within glibc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Compaq Computer Corporation Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

(c) Copyright 2000 Compaq Computer Corporation. All rights reserved.

SOURCE: Compaq Computer Corporation Compaq Services Software Security Response Team USA

The reported problems have not been found to affect the as-shipped Compaq Tru64/UNIX Operating Systems Software.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Fujitsu Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

Regarding VU#686403 (ld.so fails to unset LD_PRELOAD before executing suid root programs), the Fujitsu UXP/V operating system is not vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Hewlett Packard Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

HP-UX does not implement LD_PRELOAD.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Microsoft Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

Received confirmation from our development team and we are NOT vulnerable to the various scenarios described.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


OpenBSD Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

Vendor has reported no products having this vulnerability

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


SCO Not Affected

Notified: September 08, 2000 Updated: May 15, 2001

Status

Not Affected

Vendor Statement

SCO OpenServer Release 5 and UnixWare 7 systems are not vulnerable to this exploit. The static and dynamic loaders in SCO products do not use LD_PRELOAD.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


BSDI Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Data General Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


IBM Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


NCR Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


NEC Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


NeXT Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


NetBSD Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


RedHat Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


SGI Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Siemens Nixdorf Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Sony Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Sun Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Unisys Unknown

Notified: September 08, 2000 Updated: May 15, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.



References

<http://www.securityfocus.com/vdb/bottom.html?vid=1639>

Acknowledgements

The original public announcement was by Solar Designer.

This document was last modified by Tim Shimeall.

Other Information

CVE IDs: CVE-2000-0824
Severity Metric: 6.73
Date Public:
