CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Percentile: 0.4%
ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries.
ld.so, the UNIX/Linux dynamic loader, fails under some conditions (and in some operating system releases) to unset LD_PRELOAD before loading setuid root programs for execution. Although the setuid root programs themselves ignore LD_PRELOAD, programs called from setuid root programs would honor LD_PRELOAD, be loaded with insecure or malicious libraries, and be executed as root.
By altering LD_PRELOAD, attackers could cause malicious libraries to be loaded by programs called from setuid root programs, which could then execute arbitrary code as root.
Apply vendor patches; see the Systems Affected section below.
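The caller-side defense against the inheritance problem described above, as an added example (not code from the CERT/CC note or from any vendor patch): a privileged program drops every `LD_*` entry, repeated names included, from the environment it hands to a child. The function name `scrub_loader_env` and all sample values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True when an environment entry names a dynamic-loader variable.
 * The "LD_" prefix covers LD_PRELOAD, LD_LIBRARY_PATH and the rest. */
static int is_loader_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/* Compact envp in place, dropping EVERY loader variable, including
 * repeated entries for the same name. Returns the number removed. */
size_t scrub_loader_env(char **envp)
{
    size_t kept = 0, removed = 0;

    if (envp == NULL)
        return 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (is_loader_var(envp[i]))
            removed++;              /* skip: not copied forward */
        else
            envp[kept++] = envp[i]; /* keep, closing any gap */
    }
    envp[kept] = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, including a duplicated name. */
    char *env[] = {
        "PATH=/usr/bin:/bin",
        "LD_PRELOAD=/tmp/constructed_a.so",
        "LD_PRELOAD=/tmp/constructed_b.so",
        "HOME=/root",
        "LD_LIBRARY_PATH=/tmp",
        NULL
    };
    size_t n = scrub_loader_env(env);

    printf("removed %zu loader variables\n", n);
    for (char **e = env; *e != NULL; e++)
        printf("child would see: %s\n", *e);
    /* A privileged caller would now pass env as the envp argument of
     * execve() instead of letting the child inherit environ. */
    return 0;
}
```

The single pass checks every entry, so a second copy of the same name cannot survive the way it would if removal stopped at the first match.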
686403
Notified: August 30, 2000 Updated: May 15, 2001
Affected
<http://www.linuxsecurity.com/advisories/caldera_advisory-657.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23686403 Feedback>).
Notified: September 08, 2000 Updated: May 15, 2001
Affected
Since FreeBSD does not use glibc (which is Linux-specific software) we are not vulnerable to the unsetenv() bug.
However, FreeBSD does have some minor issues in its locale implementation. These do not affect any program in the FreeBSD base system (i.e. they are not exploitable locally or remotely on a FreeBSD system with no third party software installed), and no such third party software (including ports) is in fact known to be vulnerable. We recommend users obtain FreeBSD Security Advisory 00:47 for more information including instructions for detecting vulnerable binaries.
Notified: August 30, 2000 Updated: May 15, 2001
Affected
<http://www.linuxsecurity.com/advisories/mandrake_advisory-667.html>
Notified: February 19, 2001 Updated: May 15, 2001
Affected
<http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html>
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
We've determined that glibc is not used in Mac OS X, and we are therefore not exposed to the problems identified within glibc.
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
(c) Copyright 2000 Compaq Computer Corporation. All rights reserved.
SOURCE: Compaq Computer Corporation Compaq Services Software Security Response Team USA
The reported problems have not been found to affect the as shipped, Compaq Tru64/UNIX Operating Systems Software.
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
Regarding VU#686403 (ld.so fails to unset LD_PRELOAD before executing suid root programs), the Fujitsu UXP/V operating system is not vulnerable to this problem.
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
HP-UX does not implement LD_PRELOAD.
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
Received confirmation from our development team and we are NOT vulnerable to the various scenarios described.
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
Vendor has reported no products having this vulnerability
Notified: September 08, 2000 Updated: May 15, 2001
Not Affected
SCO OpenServer Release 5 and UnixWare 7 systems are not vulnerable to this exploit. The static and dynamic loaders in SCO products do not use LD_PRELOAD.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
Notified: September 08, 2000 Updated: May 15, 2001
Unknown
We have not received a statement from the vendor.
<http://www.securityfocus.com/vdb/bottom.html?vid=1639>
The original public announcement was by Solar Designer.
This document was last modified by Tim Shimeall
CVE IDs: CVE-2000-0824
Severity Metric: 6.73
Date Public: