Описание
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-1453
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762
- http://bugs.gentoo.org/show_bug.cgi?id=59526
- http://secunia.com/advisories/12306
- http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml
- http://www.redhat.com/support/errata/RHSA-2005-256.html
- http://www.redhat.com/support/errata/RHSA-2005-261.html
- http://www.securityfocus.com/bid/10963
EPSS
CVE ID
Связанные уязвимости
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ...
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие злоумышленнику нарушить целостность защищаемой информации
EPSS