|
|
|
Vulnerability Note VU#386504
glibc does not check SUID bit on libraries in /etc/ld.so.cache
OverviewThe GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files.
I. DescriptionThe GNU libc library allows preloading libraries via the LD_PRELOAD environment variable, provided the entries in the variable don't contain the / character. When running a SUID program, the library also checks to ensure the library being loaded is SUID. Unfortunately, this check is skipped if the library is already in the /etc/ld.so.cache file. II. ImpactMalicious users may pre-load libraries into the cache file, and use those libraries to create or modify privileged files.III. SolutionApply patches available from your operating system vendor; see below.Systems Affected
References
http://www.securityfocus.com/bid/2223
http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html
http://www.linuxsecurity.com/advisories/debian_advisory-1198.html
http://www.linuxsecurity.com/advisories/other_advisory-1349.html
http://www.linuxsecurity.com/advisories/other_advisory-1130.html
http://www.linuxsecurity.com/advisories/mandrake_advisory-1061.html
http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html
http://www.linuxsecurity.com/advisories/suse_advisory-1092.html
http://www.linuxsecurity.com/advisories/caldera_advisory-1085.html
http://www.linuxsecurity.com/advisories/other_advisory-1069.html
Credit
Our thanks to Red-Hat Security for identifying this problem.
This document was last modified by Tim Shimeall
Other Information
| Date Public | 01/18/2001 |
| Date First Published | 05/14/2001 04:09:04 PM |
| Date Last Updated | 06/20/2001 |
| CERT Advisory | |
| CVE Name | CAN-2001-0169 |
| Metric | 11.99 |
| Document Revision | 14 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
