Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2004-1453
Last Modified 21 Aug 2010 12:22:32
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1453

Summary

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

Vulnerable Systems

Application

  • Gnu Glibc 2.0

  • Gnu Glibc 2.0.1

  • Gnu Glibc 2.0.2

  • Gnu Glibc 2.0.3

  • Gnu Glibc 2.0.4

  • Gnu Glibc 2.0.5

  • Gnu Glibc 2.0.6

  • Gnu Glibc 2.1

  • Gnu Glibc 2.1.1

  • Gnu Glibc 2.1.1.6

  • Gnu Glibc 2.1.2

  • Gnu Glibc 2.1.3

  • Gnu Glibc 2.1.3.10

  • Gnu Glibc 2.1.9

  • Gnu Glibc 2.2

  • Gnu Glibc 2.2.1

  • Gnu Glibc 2.2.2

  • Gnu Glibc 2.2.3

  • Gnu Glibc 2.2.4

  • Gnu Glibc 2.2.5

  • Gnu Glibc 2.3

  • Gnu Glibc 2.3.1

  • Gnu Glibc 2.3.2

  • Gnu Glibc 2.3.3

  • Gnu Glibc 2.3.4


References

BID - 10963

SECUNIA - 12306

XF - glibc-suid-info-disclosure(17006)

REDHAT - RHSA-2005:261

REDHAT - RHSA-2005:256

GENTOO - GLSA-200408-16

MISC - http://bugs.gentoo.org/show_bug.cgi?id=59526


Last Updated: 27 May 2016 10:39:02