Описание
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.
Отчет
This issue can only be exploitable by a local attacker via a static setuid program that calls the dlopen function, causing the library to search LD_LIBRARY_PATH to locate the shared object name to load. No such programs have been found in Red Hat Enterprise Linux at the time of publishing this advisory. However, custom setuid programs, although strongly discouraged as a security practice, may exist and can not be discarded. Due to these reasons, this flaw has been rated with a moderate severity.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | glibc | Affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Affected | ||
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2025:8686 | 09.06.2025 |
| Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2025:8686 | 09.06.2025 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2025:8655 | 09.06.2025 |
| Red Hat Enterprise Linux 9 | glibc | Fixed | RHSA-2025:8655 | 09.06.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ...
EPSS
7 High
CVSS3