search menu icon-carat-right cmu-wordmark

CERT Coordination Center


glibc does not check SUID bit on libraries in /etc/ld.so.cache

Vulnerability Note VU#386504

Original Release Date: 2001-05-14 | Last Revised: 2001-06-20

Overview

The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files.

Description

The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable, provided the entries in the variable don't contain the / character. When running a SUID program, the library also checks to ensure the library being loaded is SUID. Unfortunately, this check is skipped if the library is already in the /etc/ld.so.cache file.

Impact

Malicious users may pre-load libraries into the cache file, and use those libraries to create or modify privileged files.

Solution

Apply patches available from your operating system vendor; see below.

Vendor Information

386504
Expand all

Caldera

Notified:  January 23, 2001 Updated:  May 14, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/caldera_advisory-1085.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva

Notified:  February 05, 2001 Updated:  May 11, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1130.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian

Updated:  May 11, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/debian_advisory-683.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde

Notified:  January 16, 2001 Updated:  May 15, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1349.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix

Notified:  January 19, 2001 Updated:  May 14, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1131.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft

Notified:  January 18, 2001 Updated:  May 14, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/mandrake_advisory-1061.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

RedHat

Notified:  January 11, 2001 Updated:  May 14, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SuSE

Notified:  January 26, 2001 Updated:  May 14, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/suse_advisory-1092.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix

Notified:  January 21, 2001 Updated:  May 15, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/other_advisory-1069.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux

Notified:  February 14, 2001 Updated:  May 15, 2001

Status

  Vulnerable

Vendor Statement

http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Our thanks to Red-Hat Security for identifying this problem.

This document was last modified by Tim Shimeall

Other Information

CVE IDs: CVE-2001-0169
Severity Metric: 11.99
Date Public: 2001-01-18
Date First Published: 2001-05-14
Date Last Updated: 2001-06-20 14:13 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.