Vulnerability Note VU#386504
glibc does not check SUID bit on libraries in /etc/ld.so.cache
The GNU libc library does not check the SETUID bit on libraries listed in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files.
The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable, provided the entries in the variable don't contain the / character. When running a SUID program, glibc also checks that the library being preloaded is itself SUID. Unfortunately, this check is skipped if the library is already in the /etc/ld.so.cache file.
Malicious users may pre-load libraries into the cache file, and use those libraries to create or modify privileged files.
Apply patches available from your operating system vendor; see below.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Caldera | Affected | 23 Jan 2001 | 14 May 2001 |
| Conectiva | Affected | 05 Feb 2001 | 11 May 2001 |
| Debian | Affected | - | 11 May 2001 |
| Engarde | Affected | 16 Jan 2001 | 15 May 2001 |
| Immunix | Affected | 19 Jan 2001 | 14 May 2001 |
| MandrakeSoft | Affected | 18 Jan 2001 | 14 May 2001 |
| RedHat | Affected | 11 Jan 2001 | 14 May 2001 |
| SuSE | Affected | 26 Jan 2001 | 14 May 2001 |
| Trustix | Affected | 21 Jan 2001 | 15 May 2001 |
| TurboLinux | Affected | 14 Feb 2001 | 15 May 2001 |
Our thanks to Red-Hat Security for identifying this problem.
This document was last modified by Tim Shimeall
- CVE IDs: CAN-2001-0169
- Date Public: 18 Jan 2001
- Date First Published: 14 May 2001
- Date Last Updated: 20 Jun 2001
- Severity Metric: 11.99
- Document Revision: 14