CVE-2000-0824
Published: Jan 22, 2001
Modified: Aug 8, 2024
PUBLISHED
Description
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| glibc-ld-unsetenv(5173) | vdb-entry | x_refsource_XF |
| 19990917 A few bugs... | mailing-list | x_refsource_BUGTRAQ |
| 20000924 glibc locale security problem | vendor-advisory | x_refsource_SUSE |
| 20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched | mailing-list | x_refsource_BUGTRAQ |
| RHSA-2000:057 | vendor-advisory | x_refsource_REDHAT |
| MDKSA-2000:045 | vendor-advisory | x_refsource_MANDRAKE |
| 20000902 Conectiva Linux Security Announcement - glibc | mailing-list | x_refsource_BUGTRAQ |
| 1639 | vdb-entry | x_refsource_BID |
| TLSA2000020-1 | vendor-advisory | x_refsource_TURBO |
| 20000902 glibc: local root exploit | vendor-advisory | x_refsource_DEBIAN |
| 20000831 glibc unsetenv bug | mailing-list | x_refsource_BUGTRAQ |
| 20000905 Conectiva Linux Security Announcement - glibc | mailing-list | x_refsource_BUGTRAQ |
| 648 | vdb-entry | x_refsource_BID |
| CSSA-2000-028.0 | vendor-advisory | x_refsource_CALDERA |
| MDKSA-2000:040 | vendor-advisory | x_refsource_MANDRAKE |