GNU libc (glibc2) LD_DEBUG Arbitrary File Overwrite

2000-09-27T00:00:00
ID OSVDB:1573
Type osvdb
Reporter OSVDB
Modified 2000-09-27T00:00:00

Description

Vulnerability Description

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
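
A defensive illustration of the issue described above, added here and not part of the OSVDB entry or of glibc: a privileged program strips dynamic-loader variables from the environment array before handing it to a child process. The function name `scrub_loader_env`, the sample environment, and the choice to drop every `LD_`-prefixed variable rather than only the two named above are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if a "NAME=value" entry names a dynamic-loader variable.
 * Matching the whole LD_ prefix (not only LD_DEBUG and LD_DEBUG_OUTPUT)
 * is an assumption made here to err on the safe side. */
static int is_loader_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/* Compacts a NULL-terminated environment array in place, dropping every
 * LD_* entry, including repeated names. Returns the number removed. */
size_t scrub_loader_env(char **envp)
{
    size_t kept = 0, removed = 0;

    for (size_t i = 0; envp[i] != NULL; i++) {
        if (is_loader_var(envp[i]))
            removed++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return removed;
}

/* Constructed sample environment, as a setuid parent might inherit it. */
static char *sample_env[] = {
    "PATH=/usr/bin:/bin",
    "LD_DEBUG=all",
    "HOME=/home/user",
    "LD_DEBUG_OUTPUT=/tmp/trace",
    "LD_DEBUG=files",            /* duplicate name, also dropped */
    NULL
};

int main(void)
{
    /* After this call sample_env is safe to pass as envp to execve(). */
    size_t removed = scrub_loader_env(sample_env);
    return removed == 3 ? 0 : 1;
}
```
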

References:

ISS X-Force ID: 5299
CVE-2000-0959
CERT VU: 664141
Bugtraq ID: 1719