FreeBSD Information for VU#686403
ld.so fails to unset LD_PRELOAD before executing suid root programs
- Date Notified: 08 Sep 2000
- Statement Date:
- Date Updated: 15 May 2001
Since FreeBSD does not use glibc (which is Linux-specific software) we are
not vulnerable to the unsetenv() bug.
However, FreeBSD does have some minor issues in its locale implementation.
These do not affect any program in the FreeBSD base system (i.e. they are
not exploitable locally or remotely on a FreeBSD system with no third
party software installed), and no such third party software (including
ports) is in fact known to be vulnerable. We recommend users obtain
FreeBSD Security Advisory 00:47 for more information including
instructions for detecting vulnerable binaries.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.