Lucene search

[email protected]CVE-2001-0169

HistoryMar 26, 2001 - 5:00 a.m.

CVE-2001-0169

2001-03-2605:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0169

glibc

suig

sgid

ld.so.cache

ld_preload

nvd

file overwrite

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

CPENameOperatorVersion
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.2
trustix:secure_linuxtrustix secure linuxeq1.1
redhat:linuxredhat linuxeq6.1
redhat:linuxredhat linuxeq6.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.0
redhat:linuxredhat linuxeq6.0
mandrakesoft:mandrake_linux_corporate_servermandrakesoft mandrake linux corporate servereq1.0.1
turbolinux:turbolinuxturbolinuxle6.0.5
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.1
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq6.0

CPE	Name	Operator	Version
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.2
trustix:secure_linux	trustix secure linux	eq	1.1
redhat:linux	redhat linux	eq	6.1
redhat:linux	redhat linux	eq	6.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.0
redhat:linux	redhat linux	eq	6.0
mandrakesoft:mandrake_linux_corporate_server	mandrakesoft mandrake linux corporate server	eq	1.0.1
turbolinux:turbolinux	turbolinux	le	6.0.5
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.1
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	6.0

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html

www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt

www.debian.org/security/2001/dsa-039

www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2

www.novell.com/linux/security/advisories/2001_001_glibc_txt.html

www.redhat.com/support/errata/RHSA-2001-002.html

www.securityfocus.com/archive/1/157650

www.securityfocus.com/bid/2223

exchange.xforce.ibmcloud.com/vulnerabilities/5971

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2001-0169

nessus2 suse1 cert1 cvelist1 openvas2