Back to search
CVE-2009-5064
Published: Mar 30, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
mailing-list
x_refsource_MLIST
[oss-security] 20110308 Re: ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=682998
x_refsource_MISC
[oss-security] 20110308 Re: ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
[oss-security] 20110308 Re: ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
http://reverse.lostrealm.com/protect/ldd.html
x_refsource_MISC
[oss-security] 20110307 Re: CVE Request -- logrotate -- nine issues
mailing-list
x_refsource_MLIST
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
x_refsource_MISC
[oss-security] 20110307 Re: ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
[oss-security] 20110307 ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
[oss-security] 20110308 Re: ldd can execute an app unexpectedly
mailing-list
x_refsource_MLIST
RHSA-2011:1526
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=531160
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now