Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2000-0824

Published: 14/11/2000 Updated: 10/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Glibc

Vulnerability Summary

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc 2.1.1

Exploits

Exploit DB: ProFTPd 1.2 pre6 - 'snprintf' Remote Root
source: wwwsecurityfocuscom/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability On systems that support it ProFTPD will attempt to modify the name of the program being executed (argv[0]) to display the command being executed by the logged on user It does this by using snprintf to copy the input ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/79537http://www.securityfocus.com/bid/648http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txthttp://www.debian.org/security/2000/20000902http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3http://www.redhat.com/support/errata/RHSA-2000-057.htmlhttp://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.htmlhttp://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0436.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0509.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0525.htmlhttp://www.securityfocus.com/bid/1639http://marc.info/?l=bugtraq&m=93760201002154&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/5173https://nvd.nist.govhttps://www.exploit-db.com/exploits/19503/https://www.kb.cert.org/vuls/id/846832
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook