Vulnerability Note VU#664141
Debian glibc 2 symlink issue could allow arbitrary file overwriting
Some versions of ld.so, the loader for shared libraries in UNIX/LINUX, do not properly clear risky environment variables, allowing a symlink attack to overwrite arbitrary files.
LD_DEBUG_OUTPUT specifies a directory in which ld.so creates a file with a predictable name based on the process ID. ld.so uses this file to store debugging information. The current version of ld.so does not unset the environment variable LD_DEBUG_OUTPUT prior to calling setuid root programs. Even though setuid root programs are forced to ignore the LD_DEBUG_OUTPUT variable, output would be generated there by programs called from setuid root programs.
By setting up appropriate symlinks, a malicious user could cause arbitrary files to be overwritten with debugging information.
Pending patch information by the vendor, CERT/CC is unaware of a practical solution to this problem.
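Independently of a loader fix, a privileged program can drop loader variables from its own environment before it starts helper programs, so that the children described above never see LD_DEBUG_OUTPUT. The following is an added example, not code from CERT/CC, Debian or glibc; the function names `scrub_loader_env` and `run_scrubbed` are hypothetical, and filtering on the whole `LD_` prefix is an assumption that goes beyond the single variable this note names.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Drop every "LD_*" entry (LD_DEBUG, LD_DEBUG_OUTPUT, ...) by compacting
 * environ in place; this also removes malformed entries without '='.
 * The LD_ prefix filter is this example's assumption. Returns the count. */
int scrub_loader_env(void)
{
    int removed = 0;
    char **src, **dst;
    if (environ == NULL)
        return 0;
    for (src = dst = environ; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;              /* skipped: not copied forward */
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

/* Run argv[0] with the scrubbed environment. Returns the child's exit
 * status, or -1 if it could not be started or did not exit normally. */
int run_scrubbed(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        scrub_loader_env();
        execv(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "/usr/bin/env", NULL };  /* child prints its env */
    return run_scrubbed(argv);
}
```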
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 25 May 2001 | 08 Jun 2001 |
The original report of this vulnerability was by Jakub Vlasek.
This document was last modified by Tim Shimeall.
- CVE IDs: CVE-2000-0959
- Date Public: 26 Sep 2000
- Date First Published: 24 Jul 2001
- Date Last Updated: 31 Jul 2001
- Severity Metric: 0.11
- Document Revision: 8