CVE-2001-0169
published 2001-03-26CVE-2001-0169: When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also…
low2.1CVSS 3.1
AVLACLAuNCNIPAN
EXPLOIT
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| turbolinux | turbolinux | <= 6.0.5 | — |
| turbolinux | turbolinux | — | — |