CVE-2004-1453 — Glibc vulnerability

8 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedDec 31

Latest updateApr 29

Description

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiangnu/glibc< 2.3.5+3

▶NVDgnu/glibc25 versions+24

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6cx-h236-3cg8: GNU glibc 2↗2022-04-29

▶

CVEList

CVE-2004-1453: GNU glibc 2↗2005-02-13

▶

OSV

CVE-2004-1453: GNU glibc 2↗2004-12-31

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-08-17

▶

Debian

CVE-2004-1453: glibc - GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 be...↗2004

▶

💬Community

Bugzilla

CVE-2004-1453 security flaw↗2018-08-16

▶