Vulnerabilities > CVE-2000-0824 - Unspecified vulnerability in GNU Glibc 2.1.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
Exploit-Db
| description | ProFTPD 1.2 pre6 snprintf Vulnerability. CVE-2000-0824. Remote exploit for linux platform |
| id | EDB-ID:19503 |
| last seen | 2016-02-02 |
| modified | 1999-09-17 |
| published | 1999-09-17 |
| reporter | Tymm Twillman |
| source | https://www.exploit-db.com/download/19503/ |
| title | ProFTPD 1.2 pre6 - snprintf Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2000-040.NASL description A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be specified with environment variables such as LD_PRELOAD. Because this is not acceptable for applications that are setuid root, ld.so normally removes these environment variables for setuid root programs. The discovered bug causes these environment variables to not be removed under certain circumstances. While setuid programs themselves are not vulnerable, external programs they execute can be affected by this problem. These updated packages contain a patch from Caldera Systems, Inc. that fixes this vulernability. It should be noted that as of yet there are no known exploits for this problem, but all users should update to these glibc packages. last seen 2020-06-01 modified 2020-06-02 plugin id 61833 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61833 title Mandrake Linux Security Advisory : glibc (MDKSA-2000:040) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2000-045.NASL description A bug was discovered in ld.so that could allow local users to obtain root privileges. The dynamic loader, ld.so, is responsible for making shared libraries available within a program at run-time. Normally, a user is allowed to load additional shared libraries when executing a program; they can be specified with environment variables such as LD_PRELOAD. Because this is not acceptable for applications that are setuid root, ld.so normally removes these environment variables for setuid root programs. The discovered bug causes these environment variables to not be removed under certain circumstances. While setuid programs themselves are not vulnerable, external programs they execute can be affected by this problem. A number of additional bugs have been found in the glibc locale and internationaliztion security checks. In internationalized programs, users are permitted to select a locale or choose message catalogues using environment variables such as LANG or LC_*. The content of these variables is then used as part of the pathname used to search message catalogues or locale files. Under normal circumstances, if these variables contained the last seen 2020-06-01 modified 2020-06-02 plugin id 61837 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61837 title Mandrake Linux Security Advisory : glibc (MDKSA-2000:045-1)
Redhat
| advisories |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
- http://marc.info/?l=bugtraq&m=93760201002154&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
- http://www.debian.org/security/2000/20000902
- http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
- http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
- http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
- http://www.redhat.com/support/errata/RHSA-2000-057.html
- http://www.securityfocus.com/archive/1/79537
- http://www.securityfocus.com/bid/1639
- http://www.securityfocus.com/bid/648
- http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5173