CVE-2009-5064 — Glibc vulnerability

CWE-2648 documents7 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 74.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedMar 30

Latest updateMay 2

Description

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶Debiangnu/glibc< 2.10.1-7+3

▶NVDgnu/glibc2.1.3+22

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-jx79-x2m5-439p: ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2↗2022-05-02

▶

CVEList

CVE-2009-5064: ldd in the GNU C Library (aka glibc or libc6) 2↗2011-03-30

▶

OSV

CVE-2009-5064: ldd in the GNU C Library (aka glibc or libc6) 2↗2011-03-30

▶

📋Vendor Advisories

Red Hat

glibc: ldd unexpected code execution issue↗2009-10-26

▶

Debian

CVE-2009-5064: glibc - ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local user...↗2009

▶

💬Community

Bugzilla

CVE-2009-5064 glibc: ldd unexpected code execution issue [rhel-6.2]↗2011-06-14

▶

Bugzilla

CVE-2009-5064 glibc: ldd unexpected code execution issue↗2011-03-31

▶