When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mandrakesoft mandrake linux corporate server 1.0.1 |
||
redhat linux 6.0 |
||
redhat linux 6.2 |
||
mandrakesoft mandrake linux 6.1 |
||
mandrakesoft mandrake linux 7.0 |
||
redhat linux 6.1 |
||
turbolinux turbolinux |
||
mandrakesoft mandrake linux 7.1 |
||
mandrakesoft mandrake linux 7.2 |
||
mandrakesoft mandrake linux 6.0 |
||
trustix secure linux 1.1 |
||
trustix secure linux 1.2 |
||
turbolinux turbolinux 6.1 |