GNU glibc 2.3.4 prior to 2.3.4.20040619, 2.3.3 prior to 2.3.3.20040420, and 2.3.2 prior to 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu glibc 2.0.1 |
||
gnu glibc 2.0.2 |
||
gnu glibc 2.1.1.6 |
||
gnu glibc 2.1.2 |
||
gnu glibc 2.2.4 |
||
gnu glibc 2.2.5 |
||
gnu glibc 2.0.3 |
||
gnu glibc 2.0.4 |
||
gnu glibc 2.1.3 |
||
gnu glibc 2.1.3.10 |
||
gnu glibc 2.3 |
||
gnu glibc 2.3.1 |
||
gnu glibc 2.0.5 |
||
gnu glibc 2.0.6 |
||
gnu glibc 2.1.9 |
||
gnu glibc 2.2 |
||
gnu glibc 2.2.1 |
||
gnu glibc 2.3.2 |
||
gnu glibc 2.3.3 |
||
gnu glibc 2.0 |
||
gnu glibc 2.1 |
||
gnu glibc 2.1.1 |
||
gnu glibc 2.2.2 |
||
gnu glibc 2.2.3 |
||
gnu glibc 2.3.4 |