Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0824 — Glibc vulnerability

6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 46.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

GNU Glibc

Timeline

PublishedNov 14

Latest updateApr 30

Description

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDgnu/glibc2.1.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7573-6fcp-5wh3: The unsetenv function in glibc 2↗2022-04-30

▶

CVEList

CVE-2000-0824: The unsetenv function in glibc 2↗2001-01-22

▶

💥Exploits & PoCs

Exploit-DB

ProFTPd 1.2 pre6 - 'snprintf' Remote Root↗1999-09-17

▶

📋Vendor Advisories

Red Hat

security flaw↗1999-09-17

▶

💬Community

Bugzilla

CVE-2000-0824 security flaw↗2018-08-16

▶