Описание
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glibc | fixed | 2.3.5 | package |
Примечания
according to GOTO Masanori this is not a security problem
Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
Although not a real issue we should play safe with 2.3.5, where the code
was reorganized
Связанные уязвимости
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить целостность защищаемой информации