Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2000-0824
Last Modified 07 Mar 2011 09:03:54
Published 14 Nov 2000 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0824

Summary

The unsetenv function in glibc 2.1.1 does not properly unset an environment variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environment variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Vulnerable Systems

Application

  • GNU glibc 2.1.1


References

BID - 648

BUGTRAQ - 20000831 glibc unsetenv bug

XF - glibc-ld-unsetenv

TURBO - TLSA2000020-1

BID - 1639

REDHAT - RHSA-2000:057

SUSE - 20000924 glibc locale security problem

MANDRAKE - MDKSA-2000:045

MANDRAKE - MDKSA-2000:040

DEBIAN - 20000902 glibc: local root exploit

CALDERA - CSSA-2000-028.0

BUGTRAQ - 19990917 A few bugs...

BUGTRAQ - 20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched

BUGTRAQ - 20000905 Conectiva Linux Security Announcement - glibc

BUGTRAQ - 20000902 Conectiva Linux Security Announcement - glibc


Last Updated: 27 May 2016 10:35:53