SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#686403

ld.so fails to unset LD_PRELOAD before executing suid root programs

Overview

ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries.

I. Description

ld.so, the UNIX/LINUX dynamic loader, fails in some conditions (and some operating system releases) to unset LD_PRELOAD before loading suid root programs for execution. Even though setuid root programs ignore LD_PRELOAD, programs called from suid root programs would use LD_PRELOAD and be loaded with insecure or malicious libraries and executed as root.

II. Impact

By altering LD_PRELOAD, attackers could cause malicious libraries to be loaded by programs called from setuid root programs, which then could execute arbitrary code as root.

III. Solution

Apply vendor patches; see the Systems Affected section below.

Systems Affected
VendorStatusDate NotifiedDate Updated
AppleNot Vulnerable15-May-2001
BSDIUnknown15-May-2001
CalderaVulnerable15-May-2001
Compaq Computer CorporationNot Vulnerable15-May-2001
Data GeneralUnknown15-May-2001
FreeBSDVulnerable15-May-2001
FujitsuNot Vulnerable15-May-2001
Hewlett PackardNot Vulnerable15-May-2001
IBMUnknown15-May-2001
MandrakeSoftVulnerable15-May-2001
MicrosoftNot Vulnerable15-May-2001
NCRUnknown15-May-2001
NECUnknown15-May-2001
NetBSDUnknown15-May-2001
NeXTUnknown15-May-2001
OpenBSDNot Vulnerable15-May-2001
RedHatUnknown15-May-2001
SCONot Vulnerable15-May-2001
SGIUnknown15-May-2001
Siemens NixdorfUnknown15-May-2001
SonyUnknown15-May-2001
SunUnknown15-May-2001
TurboLinuxVulnerable15-May-2001
UnisysUnknown15-May-2001

References

VU#386504 - similar vulnerability for glibc
VU#2568 - rsh LD_PRELOAD vulnerability
VU#5510 - replacing shared libraries at run-time
http://www.securityfocus.com/vdb/bottom.html?vid=1639

Credit

The original public announcement was by Solar Designer <solar@false.com>.

This document was last modified by Tim Shimeall

Other Information

Date Public:2000-08-31
Date First Published:2001-05-17
Date Last Updated:2001-06-21
CERT Advisory: 
CVE-ID(s):CVE-2000-0824
NVD-ID(s):CVE-2000-0824
US-CERT Technical Alerts: 
Severity Metric:6.73
Document Revision:6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader