Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200408-16
HistoryAug 16, 2004 - 12:00 a.m.

glibc: Information leak with LD_DEBUG

2004-08-1600:00:00
Gentoo Foundation
security.gentoo.org
23

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

The GNU C library defines various Unix-like “system calls” and other basic facilities needed for a standard POSIX-like application to operate.

Description

Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidentional information.

Impact

An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precendence over those symbols to gain information or perform further exploitation.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of glibc.

Resolution

All glibc users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv your_version
 # emerge your_version

Related

nessus 4
cve 1
openvas 2
centos 2
redhat 2
debiancve 1
nessus
nessus
GLSA-200408-16 : glibc: Information leak with LD_DEBUG
2004-08-30 00:00:00
CentOS 3 : glibc (CESA-2005:256)
2006-07-03 00:00:00
RHEL 3 : glibc (RHSA-2005:256)
2005-05-19 00:00:00
cve
cve
CVE-2004-1453
2004-12-31 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200408-16 (glibc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200408-16 (glibc)
2008-09-24 00:00:00
centos
centos
glibc, nptl, nscd security update
2005-05-18 18:01:42
glibc, nscd security update
2005-04-29 04:46:27
redhat
redhat
(RHSA-2005:256) glibc security update
2005-05-18 00:00:00
(RHSA-2005:261) glibc security update
2005-04-28 00:00:00
debiancve
debiancve
CVE-2004-1453
2004-12-31 05:00:00

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for GLSA-200408-16
nessus4cve1openvas2centos2redhat2debiancve1