2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.7%
The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.
It was discovered that the use of LD_DEBUG, LD_SHOW_AUXV, and
LD_DYNAMIC_WEAK were not restricted for a setuid program. A local user
could utilize this flaw to gain information, such as the list of symbols
used by the program. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1453 to this issue.
This erratum addresses the following bugs in the GNU C Library:
All users of glibc should upgrade to these updated packages, which resolve
these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | glibc-utils | < 2.3.2-95.33 | glibc-utils-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | glibc-profile | < 2.3.2-95.33 | glibc-profile-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | glibc-devel | < 2.3.2-95.33 | glibc-devel-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | glibc | < 2.3.2-95.33 | glibc-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | glibc-headers | < 2.3.2-95.33 | glibc-headers-2.3.2-95.33.ia64.rpm |
RedHat | any | i686 | glibc | < 2.3.2-95.33 | glibc-2.3.2-95.33.i686.rpm |
RedHat | any | ia64 | glibc-common | < 2.3.2-95.33 | glibc-common-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | nscd | < 2.3.2-95.33 | nscd-2.3.2-95.33.ia64.rpm |
RedHat | any | ia64 | nptl-devel | < 2.3.2-95.33 | nptl-devel-2.3.2-95.33.ia64.rpm |