1. CVE-Search
  2. CVE-2001-0169
ID CVE-2001-0169
Summary When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
References
Vulnerable Configurations
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
    cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
    cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux:*:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:turbolinux:turbolinux:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:turbolinux:turbolinux:6.1:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2001:002
refmap via4
bid 2223
bugtraq 20010121 Trustix Security Advisory - glibc
caldera CSSA-2001-007
debian DSA-039
mandrake MDKSA-2001:012
suse SuSE-SA:2001:01
turbo TLSA2000021-2
xf linux-glibc-preload-overwrite(5971)
Last major update 10-10-2017 - 01:29
Published 26-03-2001 - 05:00
Last modified 10-10-2017 - 01:29
Back to Top