search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Debian glibc 2 symlink issue could allow arbitrary file overwriting

Vulnerability Note VU#664141

Original Release Date: 2001-07-24 | Last Revised: 2001-07-31


Some versions of, the loader for shared libraries in UNIX/LINUX, do not properly clear risky environment variables, allowing a symlink attack to overwrite arbitrary files.


LD_DEBUG_OUTPUT specifies a directory in which creates a file with a predictable name based on the process ID. uses this file to store debugging information. The current version of does not unset the environment variable LD_DEBUG_OUTPUT prior to calling setuid root programs. Even though setuid root programs are forced to ignore the LD_DEBUG_OUTPUT variable, output would be generated there by programs called from setuid root programs.


By setting up appropriate symlinks, a malicious user could cause arbitrary files to be overwritten with debugging information.


Pending patch information by the vendor, CERT/CC is unaware of a practical solution to this problem.

Vendor Information

Affected   Unknown   Unaffected


Notified:  May 25, 2001 Updated:  June 08, 2001



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



The original report of this vulnerabilty was by Jakub Vlasek .

This document was last modifed by Tim Shimeall.

Other Information

CVE IDs: CVE-2000-0959
Severity Metric: 0.11
Date Public: 2000-09-26
Date First Published: 2001-07-24
Date Last Updated: 2001-07-31 16:29 UTC
Document Revision: 8

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.